Trojan

Trojans are generally installed without a user’s full, meaningful, and informed consent. A Trojan differs from most malware in that its payload (or behavior) can potentially be controlled from a remote site.

Trojan Dropper: A file that contains at least one additional, malicious file. For a file to be a Trojan Dropper and not solely a “dropper” its payload must be comprised of multiple, unrelated spies (multiple, unrelated spies indicate that this is a custom, affiliate installer). A Trojan Dropper may be an executable that contains multiple files. When the Trojan Dropper executes, the files inside the .exe are installed. A Trojan Dropper may also be a .chm (Windows Help File). Since a .chm is really a Windows proprietary compressor, it may contain multiple, malicious bundles inside the .chm, which the Trojan Dropper installs when the user executes the .chm file.

Trojan Downloader: After installation, the Trojan contacts a remote host/site and installs packages or affiliates from the remote host. These installs usually occur without the user’s knowledge. Additionally, a Trojan Downloader’s payload may differ from installation to installation since it obtains downloading instructions from the remote host/site.

Trojan Backdoor: After a Trojan Backdoor installs itself, it contacts or listens to a remote site/computer. A Trojan Backdoor may receive instructions from, or pass information to, a remote site/computer. Generally, it opens a port, allowing the machine on which the Trojan Backdoor is running to be further compromised.

Trojan Bot: A Trojan bot is a compromised system that can be controlled (via hard-wired instructions or remotely) as one of many bots that can perform activities such as:

  • Participating in DDoS attacks
  • Sending spam
  • Transferring sensitive information on command

Trojan Phisher: A Trojan Phisher may sit on an infected computer waiting for a specific web page to be visited, or may scan the infected machine looking for user names and passwords for bank sites, auction sites or online payment sites.

Trojan Relayer: A Trojan Relayer is an application whose primary function is to relay spam messages from the infected computer.

Below are some of the known trojan variants:

