23 October 2008

About Trojan Horse


Trojan Horse – Greek Myth Or Your Personal Computer Nemesis – It Is Your Choice

by: Peter Smith


In Greek Mythology, Odysseus tricked the Trojans into letting the Greek army into the impregnable gates of Troy by having his men convert one of their ships into a huge wooden horse, presenting it as a gift with all his troops inside. Shown to beautiful effect by the Brad Pitt film Troy, the tactic is unfortunately used in the computing world in exactly the same way.


Trojan Horses are programs that masquerade as something harmless. They don't replicate themselves, they don't destroy your data, and they don't seem to do anything. Don’t be fooled. Trojan Horses do their dirty work, like the Greeks of myth, by being the "inside man" – they'll disable your firewall protection, opening ports for botnet masters to turn your computer into a zombie, they'll promise to remove viruses while downloading installation packages for them, or they'll invite keystroke loggers to steal your personal information and send it out on the Internet for people who'll use the information to do untold harm to you.

Most Trojan Horses, like phishing attacks, rely on the human side of security to work. You'll see a pop-up ad advertising something (like a high school class reunion search engine, or something to cleanse your computer of viruses and spyware) and click on it. Or you'll get a link to a video clip from a friend, or an email attachment claiming to be a patch to protect your computer from a virus.

As always, the best way to stop this is to never click on attachments from people you don't know and don't trust implicitly. Never ever download something you weren't specifically looking for in a legitimate directory of applications (like http://tucows.com). Always assume that any email from someone you don't know is a spammer trying to do you harm, unless you have legitimate reasons to believe otherwise.

Activating Trojans is never a good thing – they run roughshod (pun intended) over all of your data. They can erase things, install other programs, give your computer a host of ailments, and steal your personal data, sending it out to scammers and thieves.

Most operating systems have regular security updates. Make sure you update your installation regularly – Windows Automatic Update is a good thing to just leave turned on for your machine. You'll also be better protected by making sure your computer is run from a standard user account, rather than an account with administration privileges. Most Trojans need those administrative privileges to install themselves, and simply having a separate administrative account you use for installing software, and a standard user account for everyday use, is a good mechanism to stop Trojans (this is the default on Macintosh and Linux systems, and one of the main reasons why there aren't as many malware threats for those platforms).
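As an added example (not part of the original article), the following PowerShell script checks the two recommendations above on a Windows machine: whether the current session is running with administrator rights, and how Automatic Updates is configured. It reads the standard Windows Update registry keys; the wording of the status messages is the example's own.

```powershell
# Added example: audit a Windows session against two pieces of advice from the
# article: work from a standard (non-admin) account and keep Automatic Updates on.

function Test-RunningAsAdmin {
    # True when the current token holds the built-in Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-AutomaticUpdateState {
    # The Group Policy key takes precedence over the per-machine key, so it is
    # checked first. Both are the standard Windows Update locations.
    $paths = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $v = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        if ($null -ne $v.NoAutoUpdate -and $v.NoAutoUpdate -eq 1) { return 'Disabled' }
        switch ($v.AUOptions) {
            2 { return 'Notify before download' }
            3 { return 'Download automatically, notify before install' }
            4 { return 'Download and install automatically' }
            5 { return 'Automatic Updates required, settings chosen locally' }
        }
    }
    return 'No explicit setting found (Windows default behaviour applies)'
}

if (Test-RunningAsAdmin) {
    Write-Warning 'This session is elevated: do day-to-day work from a standard user account.'
} else {
    Write-Output 'Running as a standard user.'
}
Write-Output ('Automatic Updates: ' + (Get-AutomaticUpdateState))
```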

Always be vigilant and, if you have one, use a firewall to guard your computer – even a software one like ZoneAlarm will do the job. A firewall closes off ports (ways your computer talks to other computers) which are the common targets and communication paths for Trojans to do their dirty work.


Trojan Horse Delivered In Automatic Update
by: Darren Miller

Trojan Horse - One Man's “Worst Case Scenario” Prediction

----------------------------

This is a fictional article about a Trojan Horse virus, or you could say it is one man's prediction of a “worst case scenario”. Because of the field I’m in, I maintain a personal list of my top 10 “worst case scenarios”. Every time I perform a security assessment I run into something new or identify a situation that is ripe for a potential vulnerability. I think we could all agree that no respectable or ethical company would intentionally deliver a malicious piece of code as part of a helpful update solution. However, the reality is that human beings are behind technology, and human beings are unpredictable and fallible.

Many major operating system vendors have automatic update services. Many hardware vendors and other software packages have followed this trend, incorporating automated update services into their products. In some cases, the services for automatic updates run as the local “system” account. This account has the ability to access and modify most of the operating system and application environment. When automatic updates were relatively new, many people would perform the updates manually. As time has progressed, however, many now trust these services and allow the updates to proceed in a truly automated fashion.

The Final Step Before The Hammer Falls

--------------------------

So let’s expand upon our “worst case scenario”. A new service pack is just about ready for release. The last step prior to public release is quality control / validation. The team of people performing this task includes a significantly disgruntled employee (or maybe he or she is going through a horrible life crisis and has not much to lose). When people are in pain or distress it is not uncommon for them to project this same feeling onto others in any way they can. So, instead of performing their job in the normal fashion, they decide to incorporate a malicious payload into the forthcoming update.

The First Step For The Trojan Horse: Evasion

--------------------------------------------------

This payload has some unique characteristics, three to be precise. First, it is constructed in such a way as to not appear as something malicious. The anti-virus and anti-spyware programs currently on the market won’t be able to detect it through anomaly detection techniques.

The Second Step For The Trojan Horse: Information Collection

----------------------------

Secondly, it has been instructed to wait 12 hours before activating and starting to search your computer and network for important files that may contain financial, healthcare, and other confidential information such as user accounts and passwords. It then sends this information to anonymous systems on the Internet. Because this “Trojan horse” has been incorporated into an automated update by someone with reasonable skills, it is instructed to perform the collection of data for only 12 hours. Given the number of global systems that allow automated updates, 12 hours should be more than enough. The person behind this realizes that someone will quickly identify that something malicious is going on and start to roll out a defense solution to halt the process.

The Final Step: Incapacitate

-------------------------------

Finally, the Trojan Horse will cease its data collection and deliver its final blow. Because of the level of system privilege it is running at, it modifies the communication protocols and services on the system to prevent any type of external communication to its local peers and external (Internet) hosts. It does this in such a way that the only immediate method to recover from this is a system roll-back, system repair, or restore from near-line media, such as tape or disk. And as far as system recovery is concerned, I can tell you that many people, even in corporate entities, do not perform the most basic steps to be prepared for a quick system disaster recovery. In some cases, some of the most important recovery services have been disabled because of lack of system resources or disk space (which is amazing given how inexpensive disk space is these days).

What Could Be The Impact Of This “Trusted” Trojan Horse

----------------------------------------

Just about every time you install a new application or piece of software you increase the time it takes to boot your PC and in some cases decrease its performance. One thing that drives me crazy is printing software. For the life of me I cannot understand how or why printer support software could total 400MB in size, but it sometimes does. Not only that, it tends to load all kinds of unnecessary real-time running applets. HP printers are notorious for this. Be very aware of what it is you are loading and only load those components that you need. Even some off-the-shelf software packages load adware and other not-so-helpful applets. Also, when you uninstall software, in many cases not all of the software gets uninstalled. One thing I suggest is to purchase a registry cleaner. This can dramatically decrease boot times and in many cases increase the overall performance of your PC.

People are already concerned about identity theft, or at least they should be. I recently spoke with a business associate who told me that even with everything he does to keep his identity secure he has been the victim of identity theft not once, but twice. If your user IDs, online accounts, passwords, financials, or other confidential information wind up on the Internet for any anonymous person to see, you can bet they will be used in ways that cause you problems. Even if only 10% of the global systems fell victim to this Trojan Horse, the cut-off of communications could cost businesses billions of dollars and potentially impact their reputation as “secure” institutions.

Conclusion

----------

If we don’t think that this “worst case scenario” can happen, then we’re kidding ourselves. Recently, one of the market leaders in the perimeter defense business had to recall a service pack because it contained a significant “bug” that could result in a security breach; a service pack that can be delivered through an intelligent update service. Obviously there has to be a certain level of trust between us, the consumers, and the vendors of the hardware / software we rely on. I’m not entirely sure what “fail-proof” solution can be put in place to prevent something like this from happening, although I’m sure there are quite a few checks and balances in place already. The bottom line is, if you or I can imagine a scenario like this, there is always a chance of it happening. In my case, I usually wait for several days to apply new service packs and hot-fixes. Hopefully someone else will find the problem, correct it, and then I’ll apply it.

You may reprint or publish this article free of charge as long as the bylines are included.

------------

Instant Messaging – Expressway for Identity Theft, Trojan Horses, Viruses, and Worms
by: Dee Scrip

Never before has a more vital warning about Instant Messaging (IM) been needed for current and potential IM buddies who chat online.

John Sakoda, CTO and Vice President of Products at IMlogic, stated that,

"IM viruses and worms are growing exponentially….Virus writers are now shifting the focus of their attack to instant messaging, which is seen as a largely unprotected channel into the enterprise."

Because Instant Messaging operates on peer-to-peer (P2P) networks, it spawns an irresistible temptation for malicious computer hackers. P2P networks share files and operate on industry standard codecs (encryption codes) and industry standard protocols, which are publicly open and interpretable. Anti-virus software does not incorporate protection for Instant Messaging services.

Like sharks in a feeding frenzy, these hacker mercenaries view Instant Messaging clients as their personal “Cash Cow” because of the ease by which they can access your computer via the publicly open and interpretable standards, unleash a Trojan horse, virus, or worm, as well as gather your personal and confidential information, and sell it to other depraved reprobates.

Please, don’t be naïve enough to think it won’t or couldn’t happen to you!

Want to see how easy it is for hackers to access your Instant Messaging chat and what can happen to you as a result?

Did you know that some hacker-friendly providers offer processor chips that can be bought on the Internet? (I guess it would be pretty hard to walk into a store and ask the clerk to help them find a processor chip that could be used to illegally hack into a victim’s computer for the sole purpose of spreading malicious code or stealing someone’s identity!)

Did you know that hacker-friendly providers actually offer hacker software that enables these criminals to deliberately disable security on computers, access your personal and confidential information, as well as inject their Trojan horses, viruses, and worms?

Hacker manuals are also conveniently accessible via the Internet. One of these manuals shows how to DoS other sites. DoSing (Disruption of Service) involves gaining unauthorized access to the “command prompt” on your computer and using it to tie up your vital Internet services. When a hacker invades your system, they can then delete or create files and emails, modify security features, and plant viruses or time bombs onto your computer.

“Sniff” is a tool (originally intended to help telecommunication professionals detect and solve problems) that reprobate hackers use to tamper with the protocol and “sniff out” data. When hackers sniff out your IM data packet from Internet traffic, they reconstruct it to intercept conversations. This enables them to eavesdrop on conversations, gather information, and sell it to other depraved criminal entities.

Don’t set yourself up to be the next Identity Theft Victim because you like to chat using Instant Messaging.

Identity theft is one of the most sinister of vulnerabilities you can inadvertently be subjected to. Identity theft is defined by the Department of Justice as

“…the wrongful obtaining and using of someone else’s personal data in some way that involves fraud or deception, typically for economic gain.”

Identity theft is the by-product of hacker mercenaries obtaining your social security number (including those of your spouse and children), your bank account, your credit card information, etc., from the Internet. You become a virtual “Cash Cow” for hackers as your information is then sold to other felons for financial gain. Using your information, these criminals then:

  • access your bank account funds
  • create new bank accounts with your information
  • create driver’s licenses
  • create passports

Attorney General Ashcroft stated that,

"Identity theft carries a heavy price, both in the damage to individuals whose identities are stolen and the enormous cost to America's businesses.”

A group hosting a website known as shadowcrew.com was indicted on conspiracy charges for stealing credit card numbers and identity documents, then selling them online. While this group allegedly trafficked $1.7 million in stolen credit card numbers, they also caused losses in excess of $4 million.

According to a Press Release issued by the Department of Justice on February 28, 2005, a hacker was convicted of several counts of fraud, one in which

“…he fraudulently possessed more than 15 computer usernames and passwords belonging to other persons for the purpose of accessing their bank and financial services accounts, opening online bank accounts in the names of those persons, and transferring funds to unauthorized accounts.”

Trojan Horses, Viruses, and Worms – The Toxic Trio

According to Dictionary.com, a Trojan horse is “…a subversive group that supports the enemy and engages in espionage or sabotage---an enemy in your midst.” The toxic cargo of Trojan horses can include viruses or worms.

A Trojan horse is a program that Internet criminals use to interrupt and interfere with your security software and produce the following results:

  • Terminates processes
  • Removes registry entries
  • Stops services
  • Deletes files

Hackers who have gained access to your computer because of the easily accessible programs and software mentioned above are enthusiastically incorporating this venomous little program into their arsenal of weapons.

As recently as March 4, 2005, a new Trojan horse was discovered that modified settings in Internet Explorer. Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP were the reported systems that could be affected.

On January 28, 2005, a press release issued by the Department of Justice reported that a 19-year-old was convicted for his criminal activity in “…creating and unleashing a variant of the MS Blaster computer worm.” Christopher Wray, Attorney General – Criminal Division, stated that,

"This … malicious attack on the information superhighway caused an economic and technological disruption that was felt around the world.”

By the way, “malicious” is defined by Webster as “…intentionally mischievous or harmful”.

A press release issued by the Department of Justice on February 11, 2005, reported that another criminal was sentenced for circulating a worm. This worm,

“…directed the infected computers to launch a distributed denial of service (DOS) attack against Microsoft's main web site causing the site to shutdown and thus became inaccessible to the public for approximately four hours.”

On March 7, 2005, Symantec.com posted discovery of a worm named “W32.Serflog.B” that spread through file-sharing networks and MSN Messenger – networks that operate on publicly open and interpretable industry standards administered by P2P systems that host Instant Messaging clients—none of which are protected, regardless of the anti-virus software on your computer. The W32.Serflog.B worm also lowers security settings and appears as a blank message window on MSN Messenger.

SOLUTION

Avoid at all costs, P2P file sharing networks as they operate on publicly open and interpretable industry standards. (Instant Messaging services run on P2P file sharing networks.)

If you like the convenience of text chatting via Instant Messaging, then why not consider an optimally secure VoIP (voice over internet protocol) service, also known as a Computer Phone, that incorporates the Instant Messaging feature? Make sure the VoIP internet service provider does not operate on P2P file sharing networks that use industry standard codecs or industry standard protocols that are publicly open and accessible. (Don’t forget, these standards create the vulnerability which hackers are capitalizing on because of their easy accessibility.)

Optimally secure VoIP service providers that incorporate a secure Instant Messaging feature, operate from their own proprietary high end encryption codec on patented technology which is hosted in a professional facility. Simply put, when a VoIP internet service provider is optimally secure, the Instant Messaging feature on the VoIP softphone is also incorporated in their optimally secure technology.

Here’s the bottom line.

If you are currently using Instant Messaging of any sort, you need to make a decision:

  1. Continue enticing hacker mercenaries and remain as a user of an Instant Messaging service, or
  2. Take immediate corrective action.

If you decide to take immediate corrective action:

  1. Find an optimally secure VoIP internet solution provider that includes the Instant Messaging feature in their proprietary patented technology.
  2. Find an optimally secure VoIP internet solution provider that has their own proprietary high end encryption codec.
  3. Find an optimally secure VoIP internet solution provider that has their own proprietary patented technology.
  4. Find an optimally secure VoIP internet solution provider that hosts their proprietary patented technology in a professional facility.

Here’s a place you can look over to see what an optimally secure VoIP internet solution provider looks like: one that operates on their own proprietary high end encryption codec with their own proprietary patented technology hosted in a professional facility, AND one that incorporates the Instant Messaging feature.

http://www.free-pc-phone.com

By Dee Scrip © All rights reserved
