I love Greek mythology. The “Iliad” and “Odyssey” are some of the most interesting pieces of literature of all time. The human and theological elements of the stories explore all kinds of themes and topics, including love, duty, sacrifice, hubris, and, of course, trickery.
If you paid any attention in grade school, you’ll remember that the “Iliad” tells the story of the Trojan War. This includes how Paris, the Prince of Troy, invited a war upon his country by stealing the wife of the Spartan king, Menelaus. The king of Sparta enlists the help of his brother, King Agamemnon of Mycenae, to go to war with Troy, a conflict that lasts for 10 years.
Eventually, Odysseus, king of Ithaca, has the idea to build a wooden horse that would sneak harbored Greek soldiers behind the walls of Troy by tricking the Trojans into thinking it was a peace offering. Once inside, the Greeks sneak out of the horse at night and open the gates of Troy to allow the Greek army to sack the city.
Now that you’ve endured a short mythology lesson, today we’re going to look at what a Trojan is in terms of security and what your small business can do to protect itself from harm.
What Is a Trojan Virus?
A Trojan virus is a harmful piece of software that’s made to look legitimate or is included with legitimate applications. If you’ve been on the internet for a decent length of time, you’ve probably come across one or two over the years.
I remember years ago when I was 16 years old downloading a file that I believed to be an install file for the original Halo for PC. I mean, it said something along the lines of “halo_ce_install.exe” so it had to be that, right? Wrong.
Instead, it turned out to be a virus that sent my computer into an endless boot cycle. That was a fun lesson to learn. After that, I was very suspicious of any file download that didn’t come from an official source or wasn’t very well known.
Trojans play on our natural propensity to trust what we see, which is what makes them so dangerous. They operate exactly as their namesake suggests, playing on our trust until it’s too late and the file is opened on our systems.
Once opened, Trojans carry out whatever the malware is designed to do, whether that’s to create remote access (RAT: remote access Trojan), crash a hard drive, create popups on the display, hog up processing power, and so on.
Trojans can be installed on any endpoint they’re formatted for, including computers, servers, routers, switches, smartphones, tablets, Internet of Things (IoT) devices, and many other devices. This leaves a lot of room for potential infections.
Do VPNs Protect Your Business From Trojans?
No. Protection from Trojan software has to come from antimalware/antivirus or through deep packet inspection via a firewall.
A VPN is a network security solution that creates an encrypted tunnel for traffic to pass through, so that outside eyes can’t intercept and manipulate it, as shown in the diagram made for our guide to perimeter security architecture.
What does this have to do with Trojans? Absolutely nothing, and that’s exactly the point. VPNs encrypt network traffic, but they can’t stop you from downloading and executing Trojan software on devices.
Connect to the most secure VPN you want, but you can still use that encrypted tunnel to download malicious programs.
How Can You Protect Your Business From Trojans?
Protection from Trojans comes from a combined strategy of education as well as software-based safeguards. Education is a crucial component of any cybersecurity strategy since it’s better to prevent breaches and infections altogether instead of only counting on your security solutions to do the heavy lifting.
Your employees must understand that they should only download from sources that are known, trusted, and reliable. Trojans can come from anywhere: they can arrive in emails, be bundled with seemingly legitimate software downloads, or masquerade as other files such as documents, images, spreadsheets, and more.
For example, if you’re expecting an image, document, or spreadsheet, make sure you verify that the file type matches what you’re expecting to download.
If you’re expecting any of the file types below but what you got was a “.exe” file, that’s a huge red flag. “.exe” is an executable file, which means it’s either an application or an installation file.
That’s very different from these common file types:
- Documents: .docx, .doc, .pdf, .txt, and .html
- Images: .jpg/.jpeg, .png, .gif, and .svg
- Videos: .mov, .mp4, .avi, .flv, and .avchd
- Audio: .mp3, .wav, and .m4a
- Presentations: .ppt/.pptx, .odp, and .key
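The file-type check described above can be automated. The following is an added example, not part of the original article: it compares a download's extension with the extensions you expected and with the file's leading "magic bytes", and flags double extensions. The function names, the extension tables and the sample inputs are assumptions made for illustration.

```python
import os

# Leading "magic bytes" for some of the file types listed above, plus Windows executables.
MAGIC = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "zip": b"PK\x03\x04",  # .docx and .pptx files are ZIP containers
    "exe": b"MZ",          # Windows executables start with "MZ"
}
EXT_TO_KIND = {".pdf": "pdf", ".png": "png", ".jpg": "jpg", ".jpeg": "jpg",
               ".gif": "gif", ".docx": "zip", ".pptx": "zip", ".exe": "exe"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi"}


def sniff(content):
    """Return the kind whose magic bytes match the start of the content, or None."""
    for kind, magic in MAGIC.items():
        if content.startswith(magic):
            return kind
    return None


def check_download(filename, content, expected_exts):
    """Return a list of red flags for a downloaded file (an empty list means none found)."""
    flags = []
    name = filename.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    actual = sniff(content)
    if ext not in expected_exts:
        flags.append(f"unexpected extension {ext!r}")
    if ext in EXECUTABLE_EXTS and inner_ext in EXT_TO_KIND and inner_ext not in EXECUTABLE_EXTS:
        flags.append(f"double extension {inner_ext}{ext}")
    if actual == "exe" and ext != ".exe":
        flags.append("content is a Windows executable")
    elif ext in EXT_TO_KIND and actual != EXT_TO_KIND[ext]:
        flags.append(f"content does not match {ext}")
    return flags


if __name__ == "__main__":
    # Constructed samples: only the first few bytes of each "file" are given.
    samples = [("photo.png", b"\x89PNG\r\n\x1a\n\x00\x00", {".png", ".jpg"}),
               ("invoice.pdf.exe", b"MZ\x90\x00", {".pdf"}),
               ("holiday.jpg", b"MZ\x90\x00", {".jpg"})]
    for fname, data, expected in samples:
        print(fname, "->", check_download(fname, data, expected) or "no red flags")
```

A clean result only means the name and header agree; it says nothing about whether an expected executable is legitimate, which is where antimalware software comes in.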
Of course, if you’re expecting an executable file, it’s harder to discern at face value whether the program is legitimate on your own. The good news is that you don’t have to just rely on your employees to inspect every single thing they download at a granular level.
Antivirus/antimalware software is one software solution for detecting, preventing, and removing Trojans from your endpoints. This software is installed on all kinds of endpoints and devices so that any new file that is downloaded, installed, and executed on the device is inspected for any hints of anything suspicious.
Three Hosting Types of Antimalware Software
There are three hosting types of antimalware software: host-based, cloud-based/server-based, and network-based.
Host-based
- Installed directly on the host computer itself
- All the devices need to have their signatures updated constantly, which is cumbersome to manage
- Large organizations require an antimalware server to track, push, and manage updates
Cloud-based/server-based
- Centralized antimalware service that runs in the cloud or on a local server
- Inbound and outbound communication requests are examined by the service
- Easy to manage and sometimes requires no additional software to be installed on a host
Network-based
- Runs on firewalls or other nodes that process internet traffic such as proxy servers
- All traffic that passes through it is examined and uses signatures to identify malware
- Doesn’t require any software on the host; the entire network is protected
Three Types of Malicious Software Detection
Antivirus/antimalware detects and prevents malicious software from gaining a foothold using three specific types of detection:
- Signature-based detection
- Heuristic-based detection
- Behavior-based detection
Using all three types together helps protect your organization better.
1. Signature-based detection
Your software looks for specific signatures that certain types of malware display. Kind of like looking for a criminal’s calling card. This is the oldest form of detection and it relies on the antimalware vendor and user to keep the software up to date with the latest malware signatures.
2. Heuristic-based detection
This takes detection a step further by widening the net and evaluating code patterns instead of looking for exact matches in a signature database.
3. Behavior-based detection
This is the most advanced form of malware detection. Instead of matching up code and signatures with databases, behavior-based detection works exactly as you’d expect. The antimalware software evaluates how a file behaves when executed and as soon as it detects malicious or risky behavior, it stops the program and alerts the user.
These detection methods are all used to detect and prevent Trojans from carrying out their purposes, thereby protecting your systems from what initially seemed like a harmless download.
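To make the difference between signature-based and heuristic-based detection concrete, here is an added example that is not part of the original article. It uses a SHA-256 hash lookup as the signature database and a weighted pattern score as the heuristic; the sample bytes, rule patterns, weights, threshold and the name "Demo.Trojan.A" are all constructed for illustration and do not reflect any real product.

```python
import hashlib

# Constructed, harmless stand-in for a "known bad" file; this is not real malware.
KNOWN_BAD_SAMPLE = b"MZ-demo-dropper:CreateRemoteThread;WriteProcessMemory;autorun=1"

# Signature database: exact SHA-256 hashes of known samples -> detection name.
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Demo.Trojan.A"}

# Heuristic rules: (byte pattern, weight). Patterns and weights are illustrative assumptions.
HEURISTIC_RULES = [
    (b"CreateRemoteThread", 3),
    (b"WriteProcessMemory", 3),
    (b"autorun", 2),
]
HEURISTIC_THRESHOLD = 5


def signature_scan(data):
    """Exact match: return the detection name if the file's hash is in the database."""
    return SIGNATURE_DB.get(hashlib.sha256(data).hexdigest())


def heuristic_scan(data):
    """Score suspicious code patterns; return (score, list of matched patterns)."""
    hits = [(pattern.decode(), weight) for pattern, weight in HEURISTIC_RULES if pattern in data]
    return sum(weight for _, weight in hits), [pattern for pattern, _ in hits]


def scan(data):
    """Try the signature database first, then fall back to the heuristic score."""
    name = signature_scan(data)
    if name:
        return f"signature:{name}"
    score, _ = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return f"heuristic:score={score}"
    return "clean"


if __name__ == "__main__":
    variant = KNOWN_BAD_SAMPLE + b" v2"  # same patterns, different hash
    benign = b"Quarterly report: autorun disabled on all laptops"
    for label, data in [("known sample", KNOWN_BAD_SAMPLE), ("variant", variant), ("benign", benign)]:
        print(label, "->", scan(data))
```

The variant no longer matches the stored hash, which is why signature databases must be kept up to date; the heuristic still flags it, while the benign text that mentions one pattern stays below the threshold.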
If you want advice on which antivirus/antimalware software is right for your business, be sure to check out our list for the best antivirus software of 2023 and the detailed reviews included.
What To Do Next
With a better understanding of Trojan viruses, how they work, and what you can do to protect your business from this malicious software, you can learn more about protecting your business from other cyber threats at our Cybersecurity Resources for Small Business page.