ESET Online Help


Trojan

Historically, computer trojans (Trojan horses) have been defined as a class of threats that attempt to present themselves as useful programs and, thus, trick users into running them.

Trojans are a broad category, often divided into several subcategories.

Downloader

This term usually signifies malicious programs, components or functionality whose (usually sole) purpose is to download additional (usually malicious) software onto an infected system and execute it.

Dropper

A trojan dropper is a type of malware that acts as a carrier, containing within itself another malicious executable. When launched, it “drops” or installs the contained file and executes it.

Historically speaking, the term “dropper” was used to describe a file whose sole purpose was to introduce a computer virus into the wild, and these were sometimes called “zero generation” viruses by antivirus researchers, in much the same way that “patient zero” was used by doctors and epidemiologists when discussing infectious diseases. In the case of a polymorphic computer virus, its dropper might not be encrypted but could consist solely of the decrypted computer virus code.

Packer, Crypter, Protector

Packers are the “outer shells” of some trojans. Their purpose is to make detection by antivirus software and analysis by malware analysts more difficult by hiding the payload they contain, so that the file must first be unpacked to ascertain its purpose. Packers often employ various anti-debugging and anti-emulation (anti-VM) techniques, as well as code obfuscation.

Packers also usually make the resulting executable smaller in size and are therefore also used by legitimate software, not only malware. They serve several purposes, mainly compressing the executable and protecting applications against software piracy.

Backdoor, Remote Access Tool/Remote Access Trojan

A backdoor is an app allowing remote access to a computer. The difference between this type of malware and a legitimate app with similar functionality is that the installation is done without the user’s knowledge.

Typical backdoor functionality includes sending files to the host computer, executing files and commands, and exfiltrating (sending) files and documents back to the attacker. Often, this is coupled with key-logging and screen-grabbing functionality for spying and data theft.

The term “RAT” (Remote Access Tool) can be considered a synonym for “backdoor”, but it usually signifies a full tier, including a client app meant for installation on the target system and a server component that allows administration and control of the individual ‘bots’ or compromised systems.

Keylogger

A keylogger is a program used to record keystrokes typed on a computer.

Keyloggers can be used for beneficial purposes, such as monitoring employees in a regulated industry, or malicious ones, such as stealing account credentials. Sophisticated keyloggers may also record mouse movements, button clicks and keystrokes typed on on-screen virtual keyboards, and may capture screenshots or videos of what is being displayed on the screen.

Hardware keyloggers may also be plugged between a computer and a keyboard to record keystrokes.

Dialer

A dialer is a program designed to redirect the user’s dial-up telephone connection to the internet so that it uses a premium-rate number.

These programs can be used legally when paying for internet services. However, fraudulent dialers can be used to redirect a connection to a more expensive number without the computer user’s knowledge. This type of threat has become rare in areas where broadband is available.

 

If a file on your computer is detected as a Trojan, it is advisable to delete it because it most likely contains nothing but malicious code.