Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

UK Gov't Warns of Massive Trojan Attack

From: David Farber <dave () farber net>
Date: Fri, 17 Jun 2005 03:27:14 -0400


Begin forwarded message:

From: Randall <rvh40 () insightbb com>
Date: June 16, 2005 8:06:34 PM EDT
To: Dave <dave () farber net>
Subject: UK Gov't Warns of Massive Trojan Attack


http://tinyurl.com/dvmjf

UK Government Warns of Massive Trojan Attack
June 16, 2005

By Paul F. Roberts

A U.K. critical infrastructure monitoring group is warning public and
private sector organizations about a wave of electronic attacks that
have compromised critical networks in Britain with Trojan horse programs
in recent months.


The National Infrastructure Security Co-ordination Center, or NISCC,
said on Thursday that it detected a series of e-mail attacks targeting
U.K. companies and government agencies with Trojan programs that gather
and transmit information to IP addresses in the Far East. Organizations
that are part of the U.K. Critical National Infrastructure were advised
to step up user education and detection measures to spot the Trojan
programs, NISCC officials said.

RELATED LINKS


      * Smart-Phone Trojan Poses as Anti-Virus App
      * Updated Triple-Barreled Trojan Attack Builds Botnets
      * Experts Warn of Growing Trojan Threat
      * High-Risk Flaw Found in VPN Security Protocol
      * Denial-of-Service Flaw Found in DNS Protocol

The group acknowledged that most of the attacks were on U.K. government
institutions, but did not say whether any information was stolen.
Private companies and even individuals may also have been targeted,
NISCC officials said.

"By providing information, practical help and advice, NISCC is working
to enable organisations to take the steps needed to protect themselves
and their data as best they can," the U.K. Home Office said in an e-mail
statement.

The NISCC discovered 17 Trojan or remote monitoring programs within the
last one or two months, according to Stuart Taylor, manager of Sophos
plc. in the United Kingdom, which analyzed the programs for NISCC.

The files submitted to Sophos included multiple variants of the Riler,
Nethief and Dloader Trojans, which give remote users unauthorized access
to compromised computers and allow them to open files and transmit them
to remote servers.

Around two thirds of the programs submitted by NISCC to Sophos were
known Trojan programs. Others were previously undetected variants of
known Trojan families, Taylor said.

The programs were sent as attachments to e-mail messages that used
so-called "social engineering" techniques such as faked sender addresses
to trick the recipient into opening the attachment that installed the
Trojan. In one case, the malicious program might also have been
installed without user interaction using a software vulnerability in
Microsoft Corp.'s Windows DCOM (Distributed Component Object Model) RPC
(Remote Procedure Call), he said.

While Trojans are a common malicious payload on the Internet, there is
evidence that the reported attacks were targeted, NISCC officials said.

Click here to read about the growing threat of trojans.

In some cases, the e-mail messages carrying the Trojan horse programs
contained information about the job or interests of individuals at the
victim organizations who handle commercially or economically sensitive
data. For example, the messages were spoofed to appear to come from
trusted contacts, news agencies or government agencies, to entice the
recipients into opening the malicious attachment, according to NISCC.

A machine or machines in Asia was set up to receive stolen information.
However, those machines may have only been the first stop for any stolen
data, and are not proof that groups or governments in that part of the
world are responsible for the Trojan attacks, Taylor said.

NISCC advised organizations that might be affected by the attack to
harden their defenses against Trojan attacks by updating anti-virus
definitions, applying software patches to vulnerable operating systems
and educating users not to open suspicious attachments.

In May, the Israeli newspaper Haaretz published news of a massive
industrial espionage ring that used custom-designed Trojans to steal
trade secrets and other sensitive information from leading companies.

The two cases illustrate the growing threat to enterprises from Trojans,
said Carole Theriault, security consultant at Sophos.

Sophos researchers identify around 15 new Trojans a day that require
immediate definition updates for Sophos products. That is three times
the volume of Trojan horse programs researchers were seeing last year at
this time, she said.

It is possible that the agencies and companies affected were already
using desktop or gateway anti-virus products, and that the Trojan
variants eluded detection, Taylor said.

"We see so many of them, some will get through," Taylor said. "You just
have to use good common sense when dealing with this problem. It's an
unavoidable part of doing business."ยด

Check out eWEEK.com's Security Center for the latest security news,
reviews and analysis. And for insights on security coverage around the
Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's
Weblog.


Copyright (c) 2005 Ziff Davis Media Inc. All Rights Reserved.






-------------------------------------
You are subscribed as [USER_EMAIL]
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: