Tuesday, November 6, 2012

Trojan Horse Virus

The name "trojan" comes from the ancient Greek legend of the Trojan horse. The "trojan horse" program is a popular type of virus file. It does not self-propagate to infect other files. Usually, trojans are disguised to attract users into downloading them. Once a user opens the file, it plants the trojan on the computer. Hackers can then use the resulting security hole to remotely access the user's computer, monitor user behavior and even transfer data.

Trojans work in a way similar to remote access software; the difference is that a trojan horse obtains permissions on the computer without the user's authorization. The program itself is very small and light, and it uses system resources and bandwidth while it runs. On a computer without anti-virus software, it is difficult to detect the trojan and stop its actions. It runs automatically each time Windows loads, and it may immediately change its file name, make itself invisible, or copy itself to another folder, and it can stop users from running the antivirus.

To prevent detection of the trojan, hackers usually encrypt the packet file. When the trojan runs and connects to the user's computer, the hacker is able to obtain most of the server's operating authority, such as copying files, deleting files, modifying the registry, and changing the system configuration of the user's computer. There are two types of trojans: universal and transitive. Universal trojan horses can be controlled, but transitive ones cannot.

Trojan technology develops rapidly, mainly because of youngsters who are curious or eager to show their skills. So far, trojans have gone through six generations of improvements:

The first generation is the most primitive: simple password theft, carried out by sending a trojan via e-mail and waiting for users to respond to the e-mail.

Second-generation trojans made great progress in technology. Glacier is one of the typical representatives of China's trojans.

With major improvements in data transfer technology, third-generation trojans are ICMP types that transmit data in malformed packets, making it more difficult for antivirus software to identify them.

The fourth generation greatly changed how the process is hidden, using kernel plug-in embedding and remote thread insertion technology to insert a DLL thread, or hooking PSAPI.

The fifth generation is the hard drive level trojan. This trojan uses rootkit technology to hide itself deeply, then infects the hard drive and attacks the anti-virus software and network firewalls so that they lose their self-protection effect. Some hard drive level trojans can lock the BIOS, making them more difficult to remove.