Prerequisite – Trojan, Trojan Horse and Trap Door
A Trojan Dropper is a program designed to secretly install malicious files and programs on a victim’s computer without being noticed. These programs save a lot of files to the victim’s drive and launch them without asking the user for any information. Malware creators always look for ways to bypass antivirus security and install malware on the victim’s computer, so using a dropper is the most common method for doing this.
These droppers exist for both Windows and Android phones. On Windows, they copy malicious files onto the Windows drive without asking the user for permission. On Android, they install apps without letting the user know about them. On the Android operating system, the malicious apps to be dropped are mostly contained in the Android/Trojan Dropper’s Assets Directory.
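Because the dropped apps usually sit in the assets directory, a first triage step is to check that directory for files that are really apps, whatever their names say. The sketch below is an added example, not code from the original article: the function names and the sample package are constructed for illustration, and it only recognises unencrypted payloads by their leading bytes.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"        # Dalvik executable header
ZIP_MAGIC = b"PK\x03\x04"   # ZIP local file header (an APK is a ZIP)


def classify(data):
    """Label an asset by content, not name; a ZIP with a manifest counts as an APK."""
    if data.startswith(DEX_MAGIC):
        return "dex"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                return "apk" if "AndroidManifest.xml" in inner.namelist() else "zip"
        except zipfile.BadZipFile:
            return "zip-damaged"
    return None


def scan_assets(apk_bytes):
    """Return sorted (entry, label) pairs for app-like files under assets/."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or not info.filename.startswith("assets/"):
                continue
            label = classify(apk.read(info))
            if label:
                findings.append((info.filename, label))
    return sorted(findings)


def build_zip(entries):
    """Build an in-memory ZIP from {name: bytes} for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample: an outer package whose assets/ hides an inner APK and a DEX.
DEX = DEX_MAGIC + b"035\x00"
INNER = build_zip({"AndroidManifest.xml": b"<manifest/>", "classes.dex": DEX})
SAMPLE = build_zip({"classes.dex": DEX, "assets/logo.png": b"\x89PNG\r\n\x1a\n",
                    "assets/update.dat": INNER, "assets/cfg/plugin.bin": DEX})

if __name__ == "__main__":
    print(scan_assets(SAMPLE))
```

To check a real package, pass the bytes of the APK file to `scan_assets`. A hit is a reason to inspect the file further, not proof that the app is a dropper.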
Why Are Trojan Droppers Used?
Trojan Droppers are used by hackers to secretly put malicious software and files in a required location without letting anyone know about it. They can also be used to protect known malicious files from antivirus software. Most antivirus products are not able to scan all the files inside these types of Trojans. Trojan Droppers are commonly used because they are a low-cost, easy-to-use, and low-risk means of disguising malicious software and covering tracks during malware distribution.
Trojan Droppers can easily be made to look like any other file or application by giving them different icons and file names so that users do not recognize them. A Trojan Dropper also disables UAC.
What Is UAC?
User Account Control (UAC) is a feature designed to prevent unauthorized changes to a computer. It is used to stop malware from being installed without the user’s knowledge, and the user can stop or disable the process on noticing any such action on the machine. In this way, UAC is used to limit Trojan dropper activity. User Account Control shows four different alert messages in order to limit Trojan dropper activity:
- Windows needs your permission to continue.
- A program needs your permission to continue.
- An unidentified program wants to access your computer.
- This program has been blocked.
But the interesting point here is that the dropper also limits UAC so that the required action can take place smoothly and without any difficulty.
How to Be Safe?
- Use a firewall to block all incoming connections from the internet to services that should not be publicly available. By default, you should deny all incoming connections and allow only those services you explicitly want to offer to the outside world.
- Enforce a password policy: complex passwords make it difficult to crack password files on compromised computers. This helps to prevent damage to your machine in case of an attack.
- Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task.
- Disable AutoPlay to prevent automatic launching of executable files on network and removable drives, and disconnect drives when not in use.