Topic: High Increases In Trojan Horse Activity

Corrine (Administrator)
High Increases In Trojan Horse Activity
« on: July 16, 2005, 10:16:07 PM »
For ease in reading, copied/pasted instead of quote.  From CyberNews4You (Canuk's Site):

High Increases In Trojan Horse Activity
July 15, 2005

Websense Security Labs is reporting a marked increase in Trojan Horse downloaders and banking Trojan Horses. The malicious code is being hosted on malicious websites, which are used in combination with deception techniques through email and instant messaging to attract users to visit the sites and run the malicious code.

The infected websites either host the Trojan Horse downloader (which, when run, downloads a banking Trojan Horse), or are actually hosting the actual keylogging code itself.

The most common deception techniques that are being used are music-related dedication emails, greeting cards, IT-security warnings, and through online banking deception.

When executed, the Trojan monitors the user's activities; when well-known banking and e-commerce websites are visited, the malicious code's monitors are activated. The keystrokes are captured, and then they are sent through HTTP, SMTP, and sometimes encrypted through SSL.

According to Websense, this month (especially the last two weeks) has been the busiest, seeing numbers as high as 1000 malicious websites and 100 unique Trojan Horses discovered.

Some characteristics of the malicious websites and Trojan Horse downloaders are that they:

* Commonly use free hosting facilities (such as, personal sites, setup blogs, and home directories).
* Commonly use email and social engineering to entice users to run them.
* Most often use entertainment (such as, greeting cards and music-dedication) or IT security-related deception techniques (such as, MS update patch and AV warning must clean).
* Most commonly use technical details. The Delphi, UPX, ASPACK, MEW, VB are the most popular wrappers and packing technology being used.
* Most commonly use URLs that are using the .scr, .exe, .jpg.exe, .gif, and .ex extensions.

For more information, please visit the Websense Security Labs detection and prevention recommendations website.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
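A defender-side triage filter for the URL and hosting characteristics listed in the post (executable and double extensions, home-directory hosting), written as an added example that is not part of the original post or of Websense's tooling; the proxy log format, the `/~` home-directory heuristic and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Extensions named in the quoted Websense summary. ".ex" is kept as written there.
EXECUTABLE_EXTS = {".scr", ".exe", ".ex"}
DECOY_EXTS = {".jpg", ".gif"}   # image-looking names the report saw used for payloads

def classify_url(url: str) -> list:
    """Return the indicators found in one URL (triage hints, not a verdict)."""
    path = urlsplit(url).path.lower()          # query string and letter case are ignored
    name = path.rsplit("/", 1)[-1]
    exts = ["." + p for p in name.split(".")[1:]]
    found = []
    if exts and exts[-1] in EXECUTABLE_EXTS:
        found.append("executable_download")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and exts[-1] in EXECUTABLE_EXTS:
        found.append("double_extension")       # e.g. card.jpg.exe
    if "/~" in path:                            # home-directory hosting (assumed heuristic)
        found.append("home_directory_path")
    return found

def severity(indicators: list) -> str:
    """Executable downloads are the strong signal; hosting alone is only a hint."""
    if "executable_download" in indicators:
        return "high"
    return "low" if indicators else "none"

# Constructed proxy log lines (hypothetical format: timestamp client method url status).
SAMPLE_LOG = """\
2005-07-15T09:12:01 10.0.0.5 GET http://free-host.example/~dedication/song.jpg.exe 200
2005-07-15T09:13:44 10.0.0.7 GET http://cards.example/blog/greeting.scr 200
2005-07-15T09:14:10 10.0.0.5 GET http://www.example.com/images/logo.gif 200
2005-07-15T09:15:02 10.0.0.9 GET http://host.example/~user/update.ex 200
2005-07-15T09:16:30 10.0.0.9 GET http://host.example/patch.EXE?id=1 200
"""

LOG_RE = re.compile(r"^\S+ (?P<client>\S+) \S+ (?P<url>\S+) \d+$")

def triage_log(text: str) -> list:
    """Return (client, url, severity, indicators) for every line worth a look."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                            # skip lines not in the assumed format
        ind = classify_url(m["url"])
        if ind:
            hits.append((m["client"], m["url"], severity(ind), ind))
    return hits

if __name__ == "__main__":
    for client, url, sev, ind in triage_log(SAMPLE_LOG):
        print(f"{sev:<5} {client:<10} {url}  {','.join(ind)}")
```

A plain `.gif` or `.jpg` request is deliberately not flagged on its own, since the report only notes those names when they front an executable or sit on throwaway hosting.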