Interesting People mailing list archives
UK Gov't Warns of Massive Trojan Attack
From: David Farber <dave () farber net>
Date: Fri, 17 Jun 2005 03:27:14 -0400
Begin forwarded message: From: Randall <rvh40 () insightbb com> Date: June 16, 2005 8:06:34 PM EDT To: Dave <dave () farber net> Subject: UK Gov't Warns of Massive Trojan Attack http://tinyurl.com/dvmjf UK Government Warns of Massive Trojan Attack June 16, 2005 By Paul F. Roberts A U.K. critical infrastructure monitoring group is warning public and private sector organizations about a wave of electronic attacks that have compromised critical networks in Britain with Trojan horse programs in recent months. The National Infrastructure Security Co-ordination Center, or NISCC, said on Thursday that it detected a series of e-mail attacks targeting U.K. companies and government agencies with Trojan programs that gather and transmit information to IP addresses in the Far East. Organizations that are part of the U.K. Critical National Infrastructure were advised to step up user education and detection measures to spot the Trojan programs, NISCC officials said. RELATED LINKS * Smart-Phone Trojan Poses as Anti-Virus App * Updated Triple-Barreled Trojan Attack Builds Botnets * Experts Warn of Growing Trojan Threat * High-Risk Flaw Found in VPN Security Protocol * Denial-of-Service Flaw Found in DNS Protocol The group acknowledged that most of the attacks were on U.K. government institutions, but did not say whether any information was stolen. Private companies and even individuals may also have been targeted, NISCC officials said. "By providing information, practical help and advice, NISCC is working to enable organisations to take the steps needed to protect themselves and their data as best they can," the U.K. Home Office said in an e-mail statement. The NISCC discovered 17 Trojan or remote monitoring programs within the last one or two months, according to Stuart Taylor, manager of Sophos plc. in the United Kingdom, which analyzed the programs for NISCC. The files submitted to Sophos included multiple variants of the Riler, Nethief and Dloader Trojans, which give remote users unauthorized access to compromised computers and allow them to open files and transmit them to remote servers. Around two thirds of the programs submitted by NISCC to Sophos were known Trojan programs. Others were previously undetected variants of known Trojan families, Taylor said. The programs were sent as attachments to e-mail messages that used so-called "social engineering" techniques such as faked sender addresses to trick the recipient into opening the attachment that installed the Trojan. In one case, the malicious program might also have been installed without user interaction using a software vulnerability in Microsoft Corp.'s Windows DCOM (Distributed Component Object Model) RPC (Remote Procedure Call), he said. While Trojans are a common malicious payload on the Internet, there is evidence that the reported attacks were targeted, NISCC officials said. Click here to read about the growing threat of trojans. In some cases, the e-mail messages carrying the Trojan horse programs contained information about the job or interests of individuals at the victim organizations who handle commercially or economically sensitive data. For example, the messages were spoofed to appear to come from trusted contacts, news agencies or government agencies, to entice the recipients into opening the malicious attachment, according to NISCC. A machine or machines in Asia was set up to receive stolen information. However, those machines may have only been the first stop for any stolen data, and are not proof that groups or governments in that part of the world are responsible for the Trojan attacks, Taylor said. NISCC advised organizations that might be affected by the attack to harden their defenses against Trojan attacks by updating anti-virus definitions, applying software patches to vulnerable operating systems and educating users not to open suspicious attachments. In May, the Israeli newspaper Haaretz published news of a massive industrial espionage ring that used custom-designed Trojans to steal trade secrets and other sensitive information from leading companies. The two cases illustrate the growing threat to enterprises from Trojans, said Carole Theriault, security consultant at Sophos. Sophos researchers identify around 15 new Trojans a day that require immediate definition updates for Sophos products. That is three times the volume of Trojan horse programs researchers were seeing last year at this time, she said. It is possible that the agencies and companies affected were already using desktop or gateway anti-virus products, and that the Trojan variants eluded detection, Taylor said. "We see so many of them, some will get through," Taylor said. "You just have to use good common sense when dealing with this problem. It's an unavoidable part of doing business."ยด Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog. Copyright (c) 2005 Ziff Davis Media Inc. All Rights Reserved. ------------------------------------- You are subscribed as [USER_EMAIL] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- UK Gov't Warns of Massive Trojan Attack David Farber (Jun 17)