Unless you are in the technology industry, you probably spend little time thinking about the risks you face while using a computer. While thieves used to steal a victim's identity by physically taking his mail, social security card, or driver's license, the Internet has brought identity theft to high tech. We hear of high-profile data breaches involving big corporations, but thieves also attack individual computers. One of the most common forms of attack is the Trojan Horse.
What is a Trojan Horse?
Like the famous horse that the Greek hero Odysseus used to infiltrate the city of Troy, the digital form of the Trojan Horse gains access to your computer by masquerading as a useful application to trick the user into installing the malicious code hidden inside. Unlike viruses, they do not spread themselves to other computers unless they also contain virus software.
If the Trojan Horse is installed or run by a user with elevated privileges (such as the administrator of the computer), the Trojan Horse can get unlimited access and control of the victim's system. Trojan Horses can perform a wide variety of malicious actions on a computer.
Some sobering cyberstats from Kaspersky.com.
Types of Trojan HorsesOutside of ancient Greek poetry, several different kinds of digital Trojan Horses can infiltrate your computer. Here are a few of the most common:
- Remote Access Trojans (or RATs) (also called Backdoor Trojans) allow the attacker to gain complete control over the victim's device or system.
- Data Sending Trojans can collect and send back to the attacker the victim's sensitive data. These "Spy Trojans" can install a keylogger, which provides the hacker with a log of the victim's keystrokes used on the device. This information can include website login information, usernames and passwords, emails (addresses and contents), and instant messaging information.
- A Banker Trojan is a malicious program that steals account data for online banking systems, e-payment systems, and credit or debit cards.
- Spy Trojans can also use web cams and microphones to spy on its victims.
- Destructive Trojans. These Trojans act more like viruses in that they delete and destroy files on the device.
- Security Software Disabler Trojans, if installed by the administrator of a device or system, can secretly disable antivirus programs and firewalls. Once the security software is disabled, the Trojan activates its malicious payload, such as a virus, to wreak havoc on the victim.
- Ransom Trojans allow an attacker to hold a victim's computer hostage until a ransom is paid. Once the Trojan is installed, it will encrypt all of the data on the computer or restrict access to the computer or mobile device. The user will then get a message, often a pop-up window, that dupes (or coerces) the user into paying the ransom. Some of the more common attacks display ransom messages that contain:
- fake warnings from law enforcement agencies claiming that the system has been used for illegal activities such as pornography or media pirating;
- a message from a software company such as Microsoft claiming that the computer contains unlicensed software and demanding payment for license renewal; or
- a notice that the user's system is infected with a virus that the victim can remove by paying for the "remedy".
The message requires payment of the ransom, usually by a deadline of 72 hours or less. The more insidious versions of this attack also encrypt the computer's backup drives so the victim cannot retrieve their data from the backup files.
Number of Trojan Horse malware detected by Kaspersky.com so far this year:
How to Protect Yourself from Trojan Horses
It is almost impossible to avoid Trojan Horses, but you can minimize your risk by doing the following:
- Don't use your computer's administrator login account for everyday use. Set up a separate administrator account to use when you need to make changes to the system and then change your regular account to a standard login for everyday use. If you accidentally download a virus, worm, or Trojan Horse while using an administrator's account, the malicious software has access to the entire device, including system files. While this can be inconvenient (you have to type in an administrator's password each time you install software or make changes to the system), it can save you a world of hurt in the long run.
- Use antivirus software and a firewall from a reputable company. Install strong firewall and security software from reputable a reputable company such as Kaspersky , McAfee, or Norton AND make sure you keep the software up-to-date. Anti-virus software is useless if you don't update it promptly. And don't forget to protect your mobile devices as well.
- Back up your devices often. Backup your data regularly using the "3-2-1" rule: three backup copies of your data on two different media and one of those copies in a separate location.
- Enable automatic updates for Windows and Mac OS X. Hackers are always looking for weaknesses to exploit in computer systems. Developers update their software to eliminate these deficiencies, but you only get the protection if you update the software. Timely updating is critical for your operating system software, whether it is Mac OS X, Windows, or Linux). N.B.: If the developer has stopped supporting the software, you should stop using it.
- Use extreme caution when clicking on links or opening email or instant messaging attachments.
- Stop your email program from automatically opening attachments or rendering graphics in the email (usually in the email app preferences). You may even want to turn off the preview pane to prevent macros from executing.
- Don't click on links in emails before checking to see where the link points. Don't assume the text link or the button will take you where it says it will go.
- Verify email sources before opening any link or email attachment.
- If the email looks suspicious, confirm the source of the email, even if it is from a trusted source.