Some Indicators of Trojan Activity on your Machine

Last month, I posted a list of indicators you may experience if computer Viruses are infecting your system (see the blog from June 1, 2007). That was the first in a series of articles on indicators of various types of Malware. This month, our Malware topic is the Trojan Horse, or just plain “Trojan”.

Trojans are self-contained programs designed to look like (and be mistaken for) useful or necessary programs on your computer, the kind you would never look at twice. There are several ways a Trojan might make its way onto your system. All you have to do is open or even just read emails that contain a Trojan and suddenly you have it too! A Trojan can hide in documents that contain Macros, such as a regular Word document. You can download or upload a program or even just click links displayed on Web pages, and guess what? You can get a Trojan that way too! Trojans can also be the payload of a classic Virus, or they can be implanted by an attacker who has already compromised your system.

So when you get a Trojan, what can it do? Typically, Trojans contain backdoor remote administration tools that allow attackers to access your system undetected. There are all sorts of things that can be done from there. Often attackers will implant keystroke loggers or leverage password extraction and cracking techniques that will allow them to then thoroughly compromise your system.

So what are some indicators that you do have a Trojan on your system? Here are some that may show up:

· Registry updating: Startup messages may appear that say new software has been (or is being) installed

· You may see new or strange processes running in the Windows Task Manager

· You may see anti-Virus software and/or personal firewall software terminate suddenly or unexpectedly. This can occur at startup or when loading these programs

· Applications may suddenly and inexplicably become unresponsive to normal commands

· You may see unexplained remote login prompts occurring at unusual times

· You may see an unfamiliar login screen pop up

· You may see unexpected or unscheduled Internet connection activity

· You may see unusual redirection of normal Web requests to unknown sites

If you see things like this happening on your computer, it is really a good idea to check them out instead of just assuming they are more inexplicable computer activities. Remember, if you get a Trojan on your home computer and you also use that computer for business purposes, you might just be handing an attacker the keys to the kingdom!
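One way to check several of these indicators in a single pass is a read-only PowerShell triage like the one below. It is an added example, not part of the original post, and it assumes Windows 8 or later with PowerShell 5, and that the security products in use are the built-in Microsoft Defender and Windows Firewall (services `WinDefend` and `mpssvc`); substitute your own product's service names.

```powershell
# Added example: read-only checks, nothing is changed on the system.
# Run from an elevated PowerShell session.

# 1. Startup entries ("registry updating" indicator): list Run/RunOnce values.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

# 2. Running processes with their on-disk path (new or strange processes).
$procs = Get-CimInstance Win32_Process |
    Select-Object ProcessId, Name, ExecutablePath
$procById = @{}
foreach ($p in $procs) { $procById[[int]$p.ProcessId] = $p }

# 3. Established non-loopback connections, mapped to the owning process
#    (unexpected Internet connection activity).
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $owner = $procById[[int]$_.OwningProcess]
        [pscustomobject]@{
            Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
            ProcessId = $_.OwningProcess
            Process   = $owner.Name
            Path      = $owner.ExecutablePath
        }
    }

# 4. Active hosts-file entries (redirection of normal Web requests).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' }

# 5. Security software state (assumed service names, see lead-in).
$security = Get-Service -Name WinDefend, mpssvc -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

$autoruns     | Format-Table -AutoSize -Wrap
$conns        | Sort-Object Process | Format-Table -AutoSize
$hostsEntries
$security     | Format-Table -AutoSize
```

Saving the output while the machine is known to be clean gives you a baseline, so a later run shows what has changed rather than a list you have to judge from scratch.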
