
Trojan

Synonyms: Trojan horse

The term Trojan is taken from the wooden horse used by the Greeks to sneak inside the city of Troy and capture it. The first Trojans, which appeared in the late 1980s, masqueraded as innocent programs. Once the unsuspecting user ran the program, the Trojan would deliver its harmful payload. Hence the copy-book definition of a Trojan as a non-replicating program that appears to be legitimate but is designed to carry out some harmful action on the victim computer.

One of the key factors distinguishing Trojans from viruses and worms is that they don’t spread by themselves. In the early days of PC malware, Trojans were relatively uncommon since the author had to find some way of distributing the Trojan manually. The widespread use of the Internet and the development of the World Wide Web provided an easy mechanism for distributing Trojans far and wide.

Today, Trojans are very common. They typically install silently and carry out their function(s) invisibly to the user.

Like viruses and worms, Trojans are often sub-divided into different categories based on their function.

  • Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines.
  • PSW Trojans steal passwords from victim machines (although some steal other types of information also: IP address, registration details, e-mail client details, and so on).
  • Trojan Clickers re-direct victim machines to a specified web site, either to raise the ‘hit-count’ of a site, or for advertising purposes, or to organize a DoS attack on a specified site, or to direct the victim to a web site containing other malicious code.
  • Trojan Droppers and Trojan Downloaders install malicious code on a victim machine, either a new malicious program or a new version of some previously installed malware.
  • Trojan Proxies function as a proxy server and provide anonymous access to the Internet: they are commonly used by spammers for large-scale distribution of spam e-mail.
  • Trojan Spies track user activity, save the information to the user’s hard disk and then forward it to the author or ‘master’ of the Trojan.
  • Trojan Notifiers inform the author or ‘master’ that malicious code has been installed on a victim machine and relay information about the IP address, open ports, e-mail address and so on.
  • Archive bombs are designed to sabotage anti-virus programs. They take the form of a specially constructed archive file that ‘explodes’ when the archive is opened for scanning by the anti-virus program’s de-compressor. The result is that the machine crashes, slows down or is filled with garbage data.
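
A scanner can protect its own de-compressor from the archive bombs described in the last item by checking an archive before unpacking it and by capping how much it actually unpacks. The sketch below is an added example, not code from the original page or from any anti-virus product; the limits, function names and sample payloads are assumptions chosen for illustration.

```python
import io
import zipfile

# Limits are assumptions for this example; tune them to the scanner's resources.
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # cap on total unpacked size
MAX_RATIO = 100                      # cap on unpacked/packed ratio per member
MAX_MEMBERS = 1000
CHUNK = 64 * 1024

def check_archive(data: bytes) -> list:
    """Return the reasons a ZIP should not be unpacked (empty list = ok)."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_MEMBERS:
            reasons.append("too many members")
        if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
            reasons.append("declared size over limit")
        for i in infos:
            if i.compress_size and i.file_size / i.compress_size > MAX_RATIO:
                reasons.append(f"ratio over limit: {i.filename}")
    return reasons

def read_capped(data: bytes, budget: int = MAX_TOTAL_BYTES) -> int:
    """Stream every member and return the bytes read.

    Sizes in the archive headers can be forged, so the cap is enforced on
    the real output; ValueError is raised once the budget is exceeded.
    """
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                while chunk := member.read(CHUNK):
                    total += len(chunk)
                    if total > budget:
                        raise ValueError("unpacked size over budget")
    return total

def make_sample(payload: bytes) -> bytes:
    """Build a constructed one-member ZIP in memory for the checks above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.bin", payload)
    return buf.getvalue()
```

The header check is cheap and rejects most oversized archives early; the streaming cap is the control that still holds when the header values are untrue.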


TCP/IP port

Synonyms: Port

In computing, ports are connection points.

They may be physical connection points, as in the COM (or serial) and parallel ports used by physical input or output devices. Before the advent of USB ports, monitor, keyboard, mouse and modem typically used a COM port (where data is transferred ‘serially’, one bit at a time), while printers typically used a parallel port (where data is transferred ‘in parallel’, eight bits at a time). Today, most computers are equipped with a number of USB ports. USB allows up to 127 devices to connect to a single computer and allows for rapid transfer of data.

They may also be logical connection points for data transferred via TCP/IP or UDP networks. Some port numbers are reserved: port 80, for example, is reserved for the HTTP service. Others are assigned dynamically for each connection. Ports are used by authors of malicious code to transfer data from a victim machine to the ‘master’, or to download additional malicious.


Terabyte

A terabyte [TB] is a unit of measurement for computer storage and is equivalent to a thousand gigabytes.


TCP/IP [Transmission Control Protocol/Internet Protocol]

TCP/IP is the protocol that is used by the countless computers around the world that connect to each other through the Internet. ‘TCP’ splits data into packets for transmission across the Internet and re-assembles them at the other end. The ‘IP’ part of the protocol is responsible for addressing the packets to the right location.


Trojan Clickers

Trojan Clickers re-direct victim machines to a specified web site. This is done either to raise the ‘hit-count’ of a site, for advertising purposes, or to organize a DDoS attack on a specified site, or to direct the victim to a web site containing other malicious code (another Trojan, for example). The Trojan does this either by sending commands to the web browser or by simply replacing system files that contain URLs (the Windows® ‘hosts file’, for example).
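
Because a replaced hosts file is one of the mechanisms named above, comparing its mappings against an approved baseline is a simple detection check. The following is an added example, not code from the original page; the function names, the set of default local names, the baseline format and the sample content (built from documentation address ranges) are assumptions.

```python
import ipaddress

# Names a default hosts file normally maps (assumption for this example).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid mapping line
        for name in fields[1:]:                  # one address, many names
            yield line_no, addr, name.lower().rstrip(".")


def audit_hosts(text, baseline=frozenset()):
    """Return (line_no, hostname, address) for every mapping that is neither
    a default local name nor in the approved baseline.

    baseline holds (hostname, address) pairs an administrator added on purpose.
    """
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if name in LOCAL_NAMES or (name, str(addr)) in baseline:
            continue
        findings.append((line_no, name, str(addr)))
    return findings


# Constructed sample; addresses come from the documentation ranges.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      intranet.example.test   # added by IT
203.0.113.5     www.example.com example.com
not-an-address  broken.example
"""
```

On Windows the file to feed into `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`.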


Trojan Droppers

The purpose of Trojan Droppers, as the name suggests, is to install malicious code on a victim machine. They either install another malicious program or a new version of some previously installed malware. Trojan Droppers often carry several completely unrelated pieces of malware that may be different in behavior or even written by different coders: in effect, they’re a kind of malware archive containing many kinds of different malicious code. They may also include a joke or hoax, to distract the user from the real purpose of the Dropper, the background installation of malicious code, or adware or ‘pornware’ programs. Droppers are often used to carry known Trojans, since it is significantly easier to write a dropper than a brand new Trojan that anti-virus programs will not be able to detect. Most droppers are written using VBS or JavaScript: they are, therefore, easy to write and can be used to perform multiple tasks.


Trojan Downloaders

These Trojans (like Trojan Droppers) are used to install malicious code on a victim machine. However, they can be more useful to malware authors. First, Downloaders are much smaller than Droppers. Second, they can be used to download endless new versions of malicious code, adware or ‘pornware’ programs. Like Droppers, Downloaders are also typically written in script languages such as VBS or JavaScript. They also often exploit Microsoft® Internet Explorer vulnerabilities.


Trojan Proxies

These Trojans function as a proxy server and provide anonymous access to the Internet: they are commonly used by spammers for large-scale distribution of spam e-mail.


Trojan Spies

Trojan Spies, as the name suggests, track user activity, save the information to the user’s hard disk and then forward it to the author or ‘master’ of the Trojan. The information collected includes keystrokes and screen-shots, used in the theft of banking data to support online fraud.


Trojan Notifiers

The purpose of these Trojans is to inform the author or ‘master’ that malicious code has been installed on the victim machine and to relay information about the IP address, open ports, e-mail address and so on. Trojan Notifiers are typically included in a Trojan ‘pack’ that contains other malware.


Toolkit

A toolkit is a set of tools or utilities designed to achieve a particular goal. In the case above, a toolkit is used to create and manage a botnet that is then used to steal users’ online banking credentials.