Top 10 Trojans of All Time

1. NetBus

It was created in Delphi by? Carl-Fredrik Neikter, in 1998. It is a software for remotely controlling a system which runs Microsoft Windows. Not only remote control, it can also be used as a backdoor. Like any other trojan, NetBus also has 2 components: the client and server. The server infects the host computer and the client is used to control it.

2. Back Orifice

Back Orifice’s main purpose is to remotely control a Microsoft Windows Powered system. It has the potential of being used as a RAT (Remote Administration Trojan). It is widely used by “Script Kiddies” due to its easy installation and GUI features. The name “Back Orifice” derives from “Microsoft BackOffice Server“. According to the group, its purpose was to demonstrate the lack of security in Microsoft’s operating system Windows 98. BO was created in Delphi.

3. Sub7

Sub7 or SubSeven is a popular backdoor program and RAT. It is mainly used for causing mischief, but it can also be used to steal credit card information and other such confidential data. Its name “Subseven” is derived by spelling “Netbus” backwards as “SubTen” and replacing “ten” with “seven“. Sub7 is less stable than Netbus, but has more features than it.


It is a Windows-based backdoor trojan program (RAT). It is capable of infecting all Windows OSs. Like most of the trojans, it is also written in Delphi, by Tataye, in 2002. Beast has many unique features, it was one of the first trojans to use the “Reverse Connection” and it used “Injection Method” for its DLL. Its unique features made it popular.

5. ProRat

It is a Turkish-made, Windows-based RAT, made by the PRO Group. It comes in two versions: free and paid version. The free version cannot perform operations on computers present on the WAN, but only on LAN. Its server is known for being almost impossible to remove without up-to-date antivirus. It has many features & it can perform many malicious operations on the victim’s computer. It also has a server creator which enables users to create servers which are undetectable and provides other advanced features.

6. Zlob Trojan

Also known as Trojan.Zlob is a trojan horse which masquerades as a needed video codec in the form of ActiveX. After a victim installs it, it displays popup-ads with a similiar appearance to that of the Microsoft Windows warning pop-ups, informing the user that their computer is infected with a spyware, clicking on these pop-ups starts the download of fake anti-spyware programs.

7. SpySheriff

As the name suggests, it claims to be an anti-spyware program, but it is actually a malware. It gives the infected computers, fake spyware and threat alerts and prompts the user of the infected PC to buy the program. SpySheriff is sometimes not even detected by actual spywares. It is very difficult to remove SpySheriff from the computer which it has infected. It causes many problems, including the Blue Screen of Death!


Also known as Vundo Trojan, Virtumonde, Virtumondo or MS Juan, is a trojan horse that causes pop-ups & advertisements for Rogue Security softwares and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. Vundu causes your browser to show pop-ups from time-to-time.


Turkojan is a RAT and spying tool for Microsoft Windows. It is not detectable by many AVs and only up-to-date antivirus programs can detect it. It is very much similar to ProRat in features, but has some plus and minus.

10. Trojan-Downloader.Win32.Kido.a

It is a Windows DLL file, it copies its executable file with random names to “Program Files“, “Temp“, “Special Folder” & “System“. It also registers its executable file to the registry to ensure that it is launched automatically at system start-up. It also modifies registry keys to make it impossible to boot into “Safe Mode“.
Its removal is not so easy if you don’t have an up-to-date Antivirus Software. The removal procedure includes some binary editing in registry.