Monday, November 28, 2005

The Trojans That Won't Go Away

Trojan horses are one of the most effective ways to sneak malicious code into computer systems. Yet, rather than hear about many new Trojan horses, you tend to hear about the same Trojan horses again and again. Why is this? According to Steven Sundermeier of Central Command, the most dangerous Trojan horses appear in many forms. For example, if numerous users already know that a backdoor Trojan masqueraded as a screen saver a couple of months ago, the hacker might conceal the same Trojan horse in a new email message that claims the attachment is a fun game. Furthermore, newer versions of Trojan horses may be harder for anti-virus software to detect. The following is Sundermeier's list of several notable Trojan horses.

1. SubSeven: Sundermeier says, “In most malware, there [lurk] traces [of] and resemblances to the SubSeven Trojan. In other words, SubSeven can be identified in most malware seen today. The SubSeven Trojan has sparked many variants and set a blueprint for others to follow.”
2. NetBus: NetBus is basically remote access software, consisting of a server application and a client application. A hacker can install NetBus' server application on a victim's computer and use his client application to access files. A hacker also might use infected systems as zombies to launch DoS (denial of service) attacks.
3. Back Orifice: Back Orifice, like NetBus, includes client and server applications. After a user launches Back Orifice, a hacker can control the user's system.
4. Backdoor: IRC.Flood. The final item on Sundermeier’s list is another backdoor Trojan, making it clear that the most damaging Trojan horses are those that open computers to outside, unauthorized access. This one installs an instant messaging client that helps hackers gain access.