Three-pronged Trojan attack threatens security on the Internet.
 

Glieder (Win32.Glieder.AK), Fantibag (Win32.Fantibag.A) and Mitglieder (Win32.Mitglieder.CT) are not names of a modern day version of The Three Musketeers. These are Trojans engineered for a hacker attack that will infect computers and open them for use in further attacks.

"Combating computer viruses is essentially a game of hide and seek," says Govind Rammurthy, CEO, MicroWorld Technologies, among the leading Security Solutions providers. "Hackers riding piggyback on viruses have only a short window of opportunity to maximize their gain before the viruses are detected, neutralized and logged into Virus Definition databases, 'vaccinating' the system against those strains.

Without continuing system vulnerability caused by virus infection there is little they can do to further their malicious ends like stealing personal information, credit card details and other sensitive and vital data. To achieve their ends they need to keep the system vulnerability going for more time. This co-ordinated Trojan threat is an attempt to keep that 'backdoor' open, essentially buying time," he concludes.

Of the three, Glieder leads the initial charge. It sneaks past anti-virus protection to download and execute files from a long, hard-coded list of URLs and "plant" the infected machine with "hooks" for future use. On Windows 2000 and Windows XP machines, it attempts to stop and disable the Internet Connection Firewall and the Security Center service (introduced with Windows XP Service Pack 2). Then the Trojan accesses the URL list to download Fantibag. The way is now paved to launch the second stage of attack.
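A defender can check for the first-stage symptom described above, both protective services stopped and disabled, from captured `sc query` and `sc qc` output. The following is an added example, not code from the article or from MicroWorld; the service short names (`SharedAccess` for the firewall host service on Windows XP, `wscsvc` for Security Center) and the `sc` output layout are assumptions about stock Windows, and the sample captures are constructed.

```python
import re

# Short names of the two services the article says Glieder stops and disables:
# SharedAccess hosts the Internet Connection Firewall on Windows XP, and
# wscsvc is the Security Center service introduced with XP SP2.
WATCHED = ("SharedAccess", "wscsvc")
FIELD = re.compile(r"^\s*(STATE|START_TYPE)\s*:\s*\d+\s+(\w+)", re.M)

def classify(sc_output):
    """Classify combined `sc query` + `sc qc` text for one service."""
    if "FAILED 1060" in sc_output:          # service is not installed
        return "absent"
    fields = dict(FIELD.findall(sc_output))
    if "STATE" not in fields or "START_TYPE" not in fields:
        return "unknown"                    # incomplete capture, do not guess
    if fields["STATE"] == "STOPPED" and fields["START_TYPE"] == "DISABLED":
        return "stopped+disabled"
    return "ok"

def tampered_services(captures):
    """Return watched services that are both stopped and disabled."""
    return [name for name in WATCHED
            if classify(captures.get(name, "")) == "stopped+disabled"]

# Constructed sample captures (not taken from a real host).
DISABLED = """SERVICE_NAME: {0}
        STATE              : 1  STOPPED
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: {0}
        START_TYPE         : 4   DISABLED
"""
HEALTHY = """SERVICE_NAME: {0}
        STATE              : 4  RUNNING
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: {0}
        START_TYPE         : 2   AUTO_START
"""
MISSING = "[SC] OpenService FAILED 1060:\n"

XP_HOST = {n: DISABLED.format(n) for n in WATCHED}
W2K_HOST = {"SharedAccess": HEALTHY.format("SharedAccess"), "wscsvc": MISSING}

if __name__ == "__main__":
    print("XP sample:", tampered_services(XP_HOST))
    print("Windows 2000 sample:", tampered_services(W2K_HOST))
```

A service that is merely stopped with a manual start type is reported as `ok`, and a missing Security Center service (as on Windows 2000) is reported as `absent` rather than as tampering.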

Sulabh, a tester with MicroWorld Technologies, says of Fantibag, "Now Fantibag goes about attacking the networking feature of the infected system to prevent it from communicating with anti-virus firms and denying access to the Microsoft Windows Update site. It closes your escape route by making it impossible to download an anti-virus solution and any subsequent Windows security patch to your system. Effectively it helps Mitglieder (the third stage Trojan) open the 'backdoor' by shutting the other doors on you."

Mitglieder puts the system under the attacker's complete control by opening a 'backdoor' on a port. Through it the attacker can update the Trojan to stay a step ahead of attempts to remove it, download and execute files, start an SMTP server to relay spam, execute files on the infected computer, and download and execute files via a URL. "This is what makes it scary," says Aarti, Assistant Manager, QA, MicroWorld Technologies. "The fact that the system can now be used as a remote controlled 'soldier' (bot) in an army (botnet) of similarly compromised machines to launch criminally motivated attacks, causing harm to Internet users."

Botnets thus formed can, among other things, use your machine to launch Distributed Denial of Service attacks that overload servers and make them crash, send out spam, spread new malware, plant keyloggers to retrieve personal information such as your identity, passwords and account numbers, install spyware, manipulate online polls and games, abuse programs like Google AdSense to cheat advertisers of revenue, and install advertisement add-ons for financial gain, as in fake websites advertising services that don't exist.

"Botnets can even encompass over 50,000 host machines. The potential for mischief is huge," reflects Govind Rammurthy. "Such a three-pronged Trojan attack where attackers change their virus code and release viruses quickly to bypass virus signature scanners, then disable network access to deny the user link-ups to anti-virus and Microsoft Windows Update site for protection has huge significance for virus-signature based protection. It is a sign of things to come," he says, remembering the scramble at MicroWorld labs to update their products to detect and remove the three Trojans.

Anti-virus updates for the three-pronged Trojan threat are available at the MicroWorld Technologies site.

Maybe the time for worrying about some pimply teenager turning out malicious code because they have nothing better to do on a nice sunny morning is over. The world could be facing a determined organized crime syndicate who'll stop at nothing to get what they want - information precious to you.

For more information visit http://www.mwti.net or write to manish@mwti.net

About the Author
MicroWorld Technologies is one of the leading solution providers for Information Technology, Content Security and Communications Software.
