Malware analysis

Malware: What are Trojans?

Greg Belding
September 10, 2019 by
Greg Belding


The term “Trojan horse” is normally associated with the ancient Greek story of “The Iliad,” so why is there a type of malware called a Trojan horse? This is done on purpose and for good reason. Trojan horse malware acts similar to the story’s wooden horse and has the same intent — to introduce something unexpected under the guise of something else. 

This article will detail what Trojan horse malware is, how it infects computers and some of the most commonly seen Trojan horse malware today. Those still in the dark about Trojan horses will soon find the illumination the are seeking.

Become a certified reverse engineer!

Become a certified reverse engineer!

Get live, hands-on malware analysis training from anywhere, and become a Certified Reverse Engineering Analyst.

Trojan horse?

Homer’s “The Iliad” described the Trojan War of the eastern Mediterranean in the 12th century B.C. In this epic poem, the Greek city-states went to war with Troy in response to the kidnapping of the beautiful Helen. In a successful ploy to breach the impregnable city wall of Troy, the Greeks gave the Trojans a gift of a massive, hollow horse made of wood. This horse was filled with Greek soldiers and once nightfall came, the soldiers poured out and put Troy to the sword.

But enough with the history lesson. Much like the ancient Trojan horse, modern Trojan horse malware uses the same tactic the Greeks used. It tricks users into thinking that it is legitimate software and it may very well look that way even to trained eyes. Once downloaded, opened and executed on a computer, the Trojan horse becomes activated. And much like the Greek soldiers in the horse, the creators of the Trojan horse will have inside access to your computer. 

It should be noted that while some claim that Trojan horses are viruses, they are really their own classification of malware. Without getting into too many specifics here, viruses reproduce once within a computer and Trojan horses do not. This fundamental difference alone makes Trojan horses stand apart from standard computer viruses. 

What can Trojan horses do?

There is no set list of actions Trojan horses can do. In reality, it depends on what the Trojan’s creators have programmed it to do. It has been said that Trojan horses can be like the Swiss Army knife of hacking. That being said, some of the more common actions Trojan horses can do include:

  • Deleting information
  • Modifying information
  • Copying information
  • Stealing information
  • Blocking information
  • Gain backdoor access to systems
  • Request administrator privileges (and they are often granted)

How do you become infected?

Trojan horses can infect computers in different ways. However, two general methods of infection have been documented by researchers — by hiding within a piece of software and through phishing.

Software method

The software method refers to Trojan horses being attached to a software download, often found online. A popular choice to hide within is freeware and shareware games. Have you ever noticed how many extra pieces of software and apps install themselves when you just wanted to help yourself to a free game download? Remember the old adage — there is no such thing as a free lunch.


The phishing method refers to when Trojan horses are installed from downloading a file from an email that has held itself out to be a trusted source. These sources are often a coworker or client. 

This method has changed over time, and Trojan horses are now most often in Microsoft Office and PDF files to get around the fact that most have been trained to not download and install executable files from unknown or random sources.

Types of Trojans

Attackers are not at a loss for a lack of different types of Trojan horses — there are about as many different kinds of Trojan horses as there are Greek islands. Thinking about Trojan horses is easier when you can separate them into different groups based upon their type, and in this case there are two different groups — by method and by goal.

By method

This categorization is intended for Trojans that are named for how they infect computers. Some examples of these Trojan horses are:

  • Backdoor Trojans: Once executed, this type of Trojan horse opens holes in the infected computer’s security that other attacks and attackers can use to gain access
  • Downloader Trojans: This type takes the liberty to download malicious code, often from a hacker website, to better gain control of your computer
  • Rootkit Trojans: Rootkit Trojans install a rootkit that other attackers can exploit to gain access to your computer
  • Exploit Trojans: This type is based upon the vulnerabilities within the target computer and contains code or data that takes advantage of this perceived opportunity

By goal

This categorization refers to Trojans that are known for what their goal is once inside an infected system. Some examples include:

  • Ransomware Trojans: Deploy ransomware when executed, meaning that your files will likely be encrypted and to get them back you will have to pay a Bitcoin ransom
  • DDoS Trojans: This type takes over your computer and uses it to launch DDoS attacks against other victims
  • Trojan-Dropper: Droppers use Trojan-FakeAV programs to copy antivirus software activity and then hit the user with notifications of a threat that does not exist with the goal of extorting money from the user
  • Trojan-Banker: The purpose of this type is to steal banking account information, including credit and debit cards


Much like the original Trojan horse, Trojan horse malware is deceptive and dangerous. Relying on trickery to get within a user’s computer, Trojan horses threaten literally all the information a computer contains, including banking account information. 

By watching out for freeware downloads and not trusting phishing emails/not opening suspicious email attachments, you will be safer than the ancient city of Troy.


  1. All about Trojans, Malwarebytes
  2. What is a Trojan horse? How this tricky malware works, CSO
  3. What is a Trojan Virus? - Definition, Kaspersky
  4. What Is the Difference: Viruses, Worms, Trojans, and Bots?, Cisco
Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.