Trojan Downloaders

November 25, 2013 | by Jonathan French | computer virus, CryptoLocker, Digital Degenerate, Email, malware, Ransomware, trojan, Virus

The term “malware” is thrown around to cover a wide variety of software. It’s a very broad term in the realm of bad things for computers, covering software like viruses, keyloggers, adware, and worms. One particular type of malware, known as a Trojan Downloader, has become a delivery method of choice for malware orchestrators.

A Trojan Downloader infects a computer like any other virus, but the key difference is that it is usually much smaller in size and does not carry the actual virus payload the campaign is aiming to infect computers with. Instead, a Trojan Downloader infects a computer and is programmed to reach out to a remote server to download and run other malware.


A recent case of this is the series of events around CryptoLocker. CryptoLocker is ransomware that has gained a lot of hype in the news lately. It’s a pretty nasty virus that encrypts many common files on a computer and will not decrypt them until you pay about $300 for the private keys. The virus itself has not been sent in any emails that we have seen so far, though. Instead, many Trojan Downloader variants have been sent that, when opened, reach out to a remote server and download CryptoLocker directly onto the computer.

This means blocking just the virus itself is not enough when there are other delivery methods like this. There can be many variations of the downloaders, or even other viruses that can install more malware. A Trojan Downloader can be configured to download a multitude of malware, and many of these downloaders are reused for later campaigns (same downloader; different virus). A rule that blocks a Trojan Downloader could therefore also block a similar strain or even a completely new virus campaign in the future. This is why it’s important to take a complete approach and block the many different vectors associated with a virus. For us, this includes blocking the virus executable itself, the Trojan Downloaders it may be using, and any web servers associated with the virus. Oftentimes we will see a virus blocked months ago resurface and start getting caught by the same old rules that were in place. There will always be new malware being created, though. This is why it is always important to keep anti-virus up to date and use software or a service that can react immediately to any new threats.
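Because the downloader's behaviour stays the same while the payload changes, the chain described above (attachment opened from email, file fetched from a remote server, fetched file run) can be detected without knowing the final virus. The following is an added example, not code from the original post; the event schema, process names, paths and hosts are constructed assumptions.

```python
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed mail client process names
TEMP = r"C:\Users\a\AppData\Local\Temp"            # constructed sample path

# Constructed endpoint telemetry in a hypothetical schema (not from a real product).
EVENTS = [
    # Attachment opened from the mail client, fetches a file, then runs it.
    {"t": 100, "type": "proc_start", "pid": 41, "ppid": 7,
     "image": TEMP + r"\invoice.exe", "parent_image": "OUTLOOK.EXE"},
    {"t": 103, "type": "http_get", "pid": 41, "host": "files.example.test",
     "saved_as": TEMP + r"\upd.exe"},
    {"t": 105, "type": "proc_start", "pid": 52, "ppid": 41,
     "image": TEMP + r"\UPD.EXE", "parent_image": "invoice.exe"},
    # Benign: document viewer opened from mail fetches an image, runs nothing.
    {"t": 150, "type": "proc_start", "pid": 60, "ppid": 7,
     "image": r"C:\Office\winword.exe", "parent_image": "outlook.exe"},
    {"t": 152, "type": "http_get", "pid": 60, "host": "cdn.example.test",
     "saved_as": TEMP + r"\logo.png"},
    # Benign: browser download that the user starts later from Explorer.
    {"t": 200, "type": "proc_start", "pid": 70, "ppid": 3,
     "image": r"C:\Program Files\chrome.exe", "parent_image": "explorer.exe"},
    {"t": 210, "type": "http_get", "pid": 70, "host": "vendor.example.test",
     "saved_as": TEMP + r"\setup.exe"},
    {"t": 400, "type": "proc_start", "pid": 80, "ppid": 3,
     "image": TEMP + r"\setup.exe", "parent_image": "explorer.exe"},
]

def find_downloader_chains(events, window=60):
    """Flag: process launched by a mail client downloads a file and then
    starts that same file as its child within `window` seconds."""
    suspects = {}  # pid -> image of a process launched from a mail client
    fetched = {}   # lowercased saved path -> (downloader pid, host, time)
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "proc_start":
            hit = fetched.get(ev["image"].lower())
            if hit and hit[0] == ev["ppid"] and ev["t"] - hit[2] <= window:
                alerts.append({"downloader": suspects[hit[0]],
                               "server": hit[1], "payload": ev["image"]})
            if ev["parent_image"].lower() in MAIL_CLIENTS:
                suspects[ev["pid"]] = ev["image"]
        elif ev["type"] == "http_get" and ev["pid"] in suspects:
            fetched[ev["saved_as"].lower()] = (ev["pid"], ev["host"], ev["t"])
    return alerts

if __name__ == "__main__":
    for alert in find_downloader_chains(EVENTS):
        print(alert)
```

Each alert names the downloader, the server and the fetched payload, which are the three things the post says to block.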