
Targeted Trojan Attacks Causing Concern 77

Bill Andad writes to point out a surprise trend emerging from the Virus Bulletin Conference 2006 in Montreal this week. From the article on Daniweb: "It is the smallest of Trojan attacks that are causing the biggest headache in the world of corporate security right now. By targeting individuals within individual companies with individually constructed infected messages, the new-age industrial spy is slipping under the security radar." News.com has more in-depth coverage.
This discussion has been archived. No new comments can be posted.

  • by celardore ( 844933 ) * on Friday October 13, 2006 @09:01PM (#16432629)
    My work PC has been hit by trojans twice within a couple of weeks. I'm new there, so it looks bad anyway. Also, I'm as competent as most /. users, so I was shocked I got virused twice because I'm careful, especially at work. I'm an accountant so I don't have a say in the IT nor do I care to. My boss had to bring in external guys to fix the first virus, then the second one happened and he decided to reinstall everything anyway. Cost time and money.
  • About time? (Score:3, Informative)

    by caller9 ( 764851 ) on Friday October 13, 2006 @09:06PM (#16432671)
    This is the obvious evolution in organized crime via hacking. If you could infect the marketing dept of several companies directly by doing a little old-fashioned PI work (or looking at the company directory), you will have access to both typically non-technical people and people that have access to what is about to be spun from a company. So do some "insider" trading on that.

    Ask a legitimate question and get a response. You're now whitelisted. Send them a document related to your question that happens to carry your trojan. You can now, at least, impersonate them on the network/read their mail/send mail on their behalf.

    It's a crappy way to develop a bot net but it's a good way to get very specific espionage capabilities.

    Why hasn't this been exposed in the past? I'm sure it's been going on for quite some time.
  • it does have a technical solution -- just don't let it run in the first place :) or more specifically, take the choice out of the (uninformed) end-user's hands and let the IT admin decide.

    http://www.bit9.com/ [bit9.com]

    lets you lock down PCs and stops anything new/unknown (from a network-wide perspective) from running without taking away admin rights.

    so if someone gets snuck an evil email attachment, it would be identified by the software as new to the network and blocked at the kernel level before the OS executes it. no signatures or AV needed.

    [full disclosure: yeah, i work at bit9, and the product rocks :)]

    -fren
  • by rabidcitizen ( 1013429 ) on Saturday October 14, 2006 @12:13AM (#16433595)
    It seems to me that what the article points out is that we are moving beyond the phone call impersonation to get a password (Mitnick style) to more sophisticated exploitations of trust relationships and social engineering attacks. We are looking at attacks that can get by many power users - am I going to take the time to question requests and attachments from any of the 20,000+ identities I have in my client database and address book whose requests I must handle same business day and who I must assume are to be trusted? Probably not. Will my IT staff have the resources and the time to properly configure countermeasures? I sure hope so...
  • by flyingfsck ( 986395 ) on Saturday October 14, 2006 @12:23AM (#16433633)
    Hmm, it *is* possible to lock a WinXP Pro machine to the point that malware won't install itself, but it is damn difficult to do so. Here is a link:
    http://www.microsoft.com/technet/security/prodtech/windowsserver2003/ccc/default.mspx [microsoft.com]
  • LULZ (Score:3, Informative)

    by Jessta ( 666101 ) on Saturday October 14, 2006 @01:47AM (#16433993) Homepage
    LULZ
    oh, indeed. The main reason your anti-virus software is pointless.
    If a piece of malicious software is well known enough for your anti-virus company to know about it, then a patch for the issue will be out very soon. Anti-virus software will only protect you from script kiddies and not someone that actually would have a good reason to steal your data, i.e. your competition.
