Top trojan "virus" infection sources for computers

Trojan horses are among the most common and severe threats online. The most commonly used tricks and sources by malicious users to infect computers with trojan "viruses" is described in this article as well as means of protection.

With more and more devices being more or less constantly online, the scene of online threats has also been altered. Traditionally, a computer virus would spread and duplicate itself through physical storage media by infecting certain files on a computer, such as .exe files that upon execution on another computer infects that computer. Today, however, computer virus in the traditional sense are rather uncommon and the malicious virus scene is almost completely been dominated by trojan horses.

A trojan horse is strictly not a virus in the sense that it cannot spread in an automatic fashion and requires the user to be tricked into installing it, hence the name, "Trojan". A more severe and uncommon variant of this is a computer worm, which is more similar to a computer virus and will automatically spread itself by exploiting known vulnerabilities in computer systems over the internet and install trojan horses on vulnerable machines. The Sasser worm, which caused massive problems for Windows XP and Windows 2000, is an example of this.

Even though a trojan horse is not a virus, its intentions are definitely malicious. While traditional computer viruses wreaked havoc and often had the intention to destroy a system, a trojan horse does its best to avoid being detected and operate mostly hidden from the users. The purpose of a trojan could range from collecting personal sensitive information of the user, such as credit card statements, usernames and passwords, bank records, private photos and in principle anything that can be of direct value or second-hand value on the black market for the creator or owner of the trojan horse. In addition, trojan horses can also be used to create zombie computers which will become part of a botnet used to perform distributed denial of service attacks or spam activities, both of which can result in the ISP taking measures and shutting down the internet connection for affected users.

Top trojan horse infection tricks and channels

An intrinsic weakness of trojan horses is that infection often requires an active action of the user, therefore, by having some knowledge of the common ways that trojans trick users into installing them, it is possible to significantly reduce the risk of becoming infected by this nasty kind of malware. In the following, the top 5 used infection tricks and channels will be described.

1. Infected websites

The most common way to become infected is to visit websites which have been infected in one way or the other by malicious code. This attack vector is extremely dangerous as it is one of the rare cases where infection can occur to a user with no active user action. This is usually performed by exploiting a vulnerability in an add-on or plugin in the web browser and execute arbitrary code. Typically, the Adobe Flash, Adobe Reader or Oracle Java are targeted as they are installed on most computers.

If a malicious hacker managed to infect a very popular website, the trojan horse will spread extremely rapidly and everyone visiting that website will become infected. Luckily, the probability of this happening is relatively low as it relies on the website itself being vulnerable as well to allow the hacker to modify the HTML source code. Therefore in most cases, small and less popular websites are generally infected, although there is of course no guarantee that an established and popular website cannot become infected.

Prevention: This attack approach, unfortunately, is relatively difficult to fully prevent. The best thing to do is to ensure that a good antivirus software is installed and up to date. In addition also ensure that the web browser itself and the plugins are up to date. Finally, be careful about visiting suspicious websites and pay attention to the warnings displayed on search engines and your web browsers about sites that have been reported to spread viruses, trojans or malware.

2. Fake updates

This infection method which attempts to trick users into installing a trojan by posing as an important update for a software has some similarities to the above method. The difference here is that the attacker does not need to exploit any vulnerabilities of the web browser or its plugins. Instead, the attacker only has to exploit a vulnerable website and force it to display fake pop-up messages or embedded messages claiming that the user needs to install certain software updates.

This attack approach is extremely popular and common when visiting websites in the grey zone of the law, typically involving streaming of TV shows and movies or offering other pirated materieals.
Prevention: The best way to prevent from being infected by this approach is to never install updates from any other source other than the official website for the software. For example, always install and update Flash Player from Adobe's website.

3. Fake video players and codecs

A user can be tricked into installing fake or infected video players and codecs and in this way become infected by a trojan horse or malware.

This approach is commonly engineered in such a way that a still frame of a very popular or attractive looking video is shown in an embedded frame that looks like a legit video player. However, when the user tries to play the video by clicking the "play" button, he or she will be prompted to download and install either an alternate free video player or a free codec that in actuality is the malware itself.

This attack approach is most commonly used on contents that claim to involve either celebrities, controversial topics or adult contents, which can be difficult to resist for many people.

Prevention: Whenever you are prompted to install a video player or codec to view some multimedia content you should be careful. Today, the online multimedia formats are highly standardized and will become so even more with HTML 5. Therefore, you should not need any alternate video players or codecs to play multimedia files on websites with the exception of obviously legit websites such as Netflix. 

4. E-mail attachments and social media links

Infecting users through e-mail attachments is not a new trick at all. Despite its age, it is still an extremely common way to ensure infection. This is due to the fact that we generally trust e-mails from people that we know or people that we think we know. Therefore, a malicious user can either fake the sender's address and make the e-mail appear like it comes from a legitimate source or the attacker can use zombie computers and its e-mail address book to spam e-mails with infected attachments to people.

A variant of this is the use of social networks to post links to infected files or websites. This can be extremely powerful if the attacker manages to take over control of a legitimate user's social network account, and therefore gains immediate credibility to the links that are posted.

Prevention: Be very careful with e-mail attachments and clicking links posted on social networks. Always ensure that the source is truly legit. Often the e-mails or the text associated with this attack approach are formulated in very peculiar ways which can reveal that the e-mail or social network post was not intentional and that the original user is infected and under third-party control.

5. Pirated software and piracy tools

The final source of trojan and malware infection is related to software piracy. Popular proprietary software are often used for this approach. The attacker can bundle the trojan, malware or virus in a package that claims to be the legit software and upload it to various file sharing networks. This is often cleverly done in such way that a working version of the software is included, so that the users will not suspect anything. Since software piracy is a huge problem and popular software are downloaded illegally millions of times, this is a very simple and risk-free way to spread malicious software.

In addition to pirated software, various piracy tools to circumvent copyright and copy protection, also known as cracking tools, can also be used to disguise trojans and malware.

Prevention: Do not use pirated software or piracy tools! This is more or less common sense and users who are infected through these sources should only blame themselves.

Summary and conclusions of the top trojan infection sources

In general, common sense, cautiousness and scepticism should always be applied when visiting less known parts of the internet. The truth is that, similar to the real world, the internet is filled with malicious individuals who in one way or the other want to exploit illegal methods to benefit themselves. There is no 100% bullet-proof way to protect oneself from all threats on the internet. But being cautious, and ensuring that the system is up-to-date and proper antivirus software are installed and updated is usually enough to avoid being infected.

These days, where excellent free antivirus software such as AVG, Avast! and Avira are available, there is really no excuse to not use a proper antivirus software. As a word of caution, test results from several labs show that the bundled antivirus solution for Windows known as Microsoft Security Essentials and Windows Defender are not particularly good when it comes to protection and a security aware user should install a proper antivirus software.