A quick guide to trojans - what they are, how they work and the potential consequences of a having a trojan unwittingly installed on your computer or smartphone.

What is a trojan?

Much like the wooden horse of Greek mythology, a trojan horse program (usually called a trojan) appears to be desirable or harmless, but also silently performs actions that are harmful to the user's device, data or privacy. A legitimate program that also performs a harmful action because of a bug in its coding or flaw in its design may also be considered a trojan, at least until the problem is fixed.

Tricking the user

Trojans first and foremost rely on tricking the user into believing that the program is legitimate, so that they will willingly install the malware themselves. Malware authors will often go to great lengths to make their trojans look authentic, often disguising them as movie or sounds files, documents, popular games, product updates for legitimate programs and so on. If a user can successfully see through this disguise, avoiding the threat is much easier.

Trojans are distributed in many ways – via malicious or compromised websites, in email messages as file attachments, through social media or file sharing networks, even on removable media such as USB sticks. Usually, these distribution channels involve some sort of trickery, such as promising the user a video or image if they click on a link, which gives them the malware instead.

More malicious attacks involve using vulnerabilities in the user's device to forcibly download and install the trojan without the user's permission, in an attack known as a driveby download.

Secret actions

If a trojan succeeds in getting installed onto a system, it is often very difficult for users to realize they are performing any harmful actions, as these are usually well camouflaged to keep the system from triggering any notification messages that might arouse the user's suspicions.

Very generally, trojans can be divided into two groups based on the actions they perform: data-dealers and control-stealers. Data-dealers will look for and steal information from the device or data about the user, such as credit card numbers, passwords or documents, keystrokes entered or the user's web browsing history; control-stealers meanwhile focus on taking control of the computer, for example by installing a backdoor to control the system or programs or opening a channel to a remote site where an attacker can give commands to the infected device.

More technically, most antivirus vendors will give a specific classification to a trojan based on the specific type of action it performs. You can read more about the Types F-Secure uses to classify trojans.

Recognizing and avoiding trojans

Avoiding trojans often comes down to keeping any installed programs on a computer updated to block any attempts at driveby downloads, and exercising some vigilance when downloading files from the Internet, even when offered by a trusted contact. Reputable antivirus programs (especially those with a website security indicator such as Browsing Protection) also provide a layer of defense against these malware.

One advantage mobile devices enjoy over their computer counterparts is that before any program can be installed, a notification message is displayed and the user must manually click ‘OK' before it can be installed. This prevents silent install of a malware onto a mobile device. User vigilance however is still strongly recommended.