Information Security News mailing list archives
Experts Keep Eye On New Trojan Horse
From: William Knowles <wk () C4I ORG>
Date: Thu, 12 Oct 2000 08:30:38 -0500
http://www.techweb.com/wire/story/TWB20001011S0013

(10/11/00, 5:49 p.m. ET)
By Kim Renay Anderson
TechWeb News

Network security experts are closely monitoring the latest Trojan horse, the SubSeven DEFCON8 2.1 backdoor.

Internet Security Systems Inc., Atlanta, recently discovered that the computers of more than 800 consumers were infected with the SubSeven DEFCON8 2.1 backdoor, said Chris Rouland, director of X-Force, the research team of ISS. The consumers affected were mostly DSL cable modem users and very few e-commerce businesses, he said.

"We found out about the SubSeven DEFCON8 2.1 by communicating over the chat system," Rouland said. "Then we cracked the password to the virus to look at it and evaluate the scope of this infection. It originated from several hackers who were setting up DDoS (distributed denial of service) attacks."

X-Force focuses on intrusion detection software, not on details of viruses, Rouland said.

Other security experts said the threat is minor, or at least not enough to cause immediate alarm.

Ian Hameroff, business manager for security solutions at Computer Associates International Inc. (stock: CA), said his labs are tracking the Trojan horse, but CA is not worried about it so far.

"We're not saying it's major or minor, but we want to keep this under investigation," he said.

But ISS rates this threat a 4, with a 5 being the most dangerous.

LogiKeep Network Security Intelligence Service ranks this virus as a level 3, said Dan Burke, vice president of marketing at LogiKeep in Dublin, Ohio.

"This DEFCON8 2.1 is a derivative of what we reported on June 14, when we first became aware of it," he said. "To date the number of reported cases of SubSeven DEFCON2.1 8 are not very large and is minor compared to the LoveBug virus."

However, the latest version of Trinity v3 poses more of a threat, said Michael J. Assante, co-founder of LogiKeep.

In September, LogiKeep issued an advisory about Trinity v3 that allows a hacker to launch a DDoS by using IRC channels, which can result in a server becoming flooded and crashing.

"Trinity v3 can be obtained from the underground hacker community or downloaded," said Assante.

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com