
Trojan Horse

Risk Level 1: Very Low

Discovered: February 19, 2004
Updated: April 20, 2010 4:20:07 PM
Also Known As: Trojan-Spy.HTML.Smitfraud.c [Kaspersky], Phish-BankFraud.eml.a [McAfee], Trj/Citifraud.A [Panda Software], generic5 [AVG]
Type: Trojan
Infection Length: Varies
Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Trojan Horse is a detection name used by Symantec to identify malicious software programs that masquerade as benign applications or files.

Trojan horse programs pose as legitimate programs or files that users may recognize and want to use. They rely on this trick to lure a user into inadvertently running the Trojan. Often a Trojan will mimic a well-known legitimate file name or pose as a particular type of file, such as a .jpg or .doc file, to trick a user.
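The masquerading described above can be checked for by comparing what a file's name claims with what its first bytes say. The following Python code is an added example, not part of the Symantec write-up; the function names `check` and `scan` and the `RUNNABLE` extension list are assumptions chosen for illustration.

```python
import os

# Leading bytes ("magic numbers") of the file types named in the write-up.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
}
PE_MAGIC = b"MZ"  # DOS/PE executable header
RUNNABLE = {"exe", "scr", "pif", "com", "bat", "cmd"}  # illustrative, not exhaustive


def check(name, header):
    """Return the reasons a file name and its first bytes disagree."""
    reasons = []
    parts = name.lower().strip().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner = parts[-2].strip() if len(parts) > 2 else ""
    # "invoice.doc.exe": a document extension placed before the real one.
    if ext in RUNNABLE and inner in MAGIC:
        reasons.append(f"double extension .{inner}.{ext}")
    if ext in MAGIC:
        if header.startswith(PE_MAGIC):
            reasons.append(f"executable header under .{ext}")
        elif not header.startswith(MAGIC[ext]):
            reasons.append(f"header does not match .{ext}")
    return reasons


def scan(directory):
    """Map each suspicious file under `directory` to its list of reasons."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for fname in files:
            path = os.path.join(root, fname)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(8)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            reasons = check(fname, header)
            if reasons:
                findings[path] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample: a PE header stored under a .jpg name.
    print(check("holiday.jpg", b"MZ\x90\x00\x03\x00\x00\x00"))
```

A hit from this check is a triage signal for closer inspection, not a verdict; a clean result does not show that a file is benign.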

Trojans are distributed onto compromised computers in a variety of ways, from email attachments and links to instant messages, drive-by downloads and being dropped by other malicious software. Once installed on the compromised computer, the Trojan begins to perform the predetermined actions that it was designed for.

Trojan horse is a generic name given to all Trojan programs. They can be further categorized by their primary payload functions and generally include the following types:
  • Backdoor.Trojan - a Trojan with a primary purpose of opening a back door to allow remote access at a later time.
  • Downloader - a Trojan with a primary goal of downloading another piece of software, usually additional malware.
  • Infostealer - a Trojan that attempts to steal information from the compromised computer.

Antivirus Protection Dates

  • Initial Rapid Release version February 19, 2004
  • Latest Rapid Release version November 21, 2014 revision 020
  • Initial Daily Certified version February 19, 2004
  • Latest Daily Certified version November 21, 2014 revision 017
  • Initial Weekly Certified release date February 19, 2004

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Actions carried out by Trojan horse programs may vary from one instance to another.
  • Large Scale E-mailing: A Trojan may carry out spam relay operations.
  • Releases Confidential Info: Trojans may attempt to steal information from the compromised computer.
  • Degrades Performance: Activities performed by a Trojan may lead to performance degradation.
  • Compromises Security Settings: Trojans may end processes associated with security applications and also lower security settings.

Distribution

  • Distribution Level: Low
Writeup By: Angela Thigpen
