Information Security News mailing list archives

Latest Trojan Is a Big Deal, Or Maybe Not


From: William Knowles <wk () C4I ORG>
Date: Fri, 9 Jun 2000 14:13:00 -0500

http://www.techweb.com/wire/story/TWB20000609S0013

By Barbara Darrow, TechWeb News
Jun 9, 2000 (2:23 PM)

The latest virus scare is either a diabolical threat or a non-issue,
depending on which security software company is doing the talking.
NETSEC, a provider of security services that pinpointed the problem
earlier this week, calls it an insidious "polymorphic Trojan" causing
widespread compromise of computer systems around the world, according
to a company statement.

The company said some 2,000 computers were compromised by the "Serbian
Badman Trojan," which sneaks into the PC disguised as a video file (in
some cases a porn movie) or other attachment. Users click on the
attachment, which does not work, and then typically delete it. At that
point, the file is hidden on their computer, lying in wait for
outside instructions from a Web-based executable file.

But Dan Takata, training manager at F-Secure, a Helsinki security
company, called Serbian Badman a "minor threat" and an "unimaginative
attack." The website hosting the executable was taken down almost
immediately, he said.

Ken Ammon, CEO of NETSEC, Herndon, Va., said the Trojan could look
like something as innocuous as the popular Whassupppp Budweiser
commercial, but in actuality would let someone on the Internet take
control of a user's PC.

"We detected it, we put security in place, put a PC outside our
perimeter and watched it," Ammon said.

But Simon Perry, vice president of e-Trust Security Solutions for
Computer Associates International (stock: CA), said his company did
not see a wide occurrence of the Trojan.

"There's no need at the moment to ride this particular Trojan Horse to
panic," Perry said. "The potential aspect here is it could -- for
systems already infected -- allow a hacker to install some software
and then use your PC for nefarious purposes. But I stress 'already
infected' because the [originating website] is already shut down."

This is just the latest in what has become a series of attacks on the
world's PCs, the most widespread of which was the "Love Bug" scare
last month. That virus traveled worldwide from the Philippines,
compromising thousands of corporate networks. It and several
subsequent viruses prey on Microsoft (stock: MSFT) Outlook mail
clients and their ability to open infected Visual Basic files.

The severity of each subsequent "Son-of-Love-Bug" attack has been
lessened as corporations disabled the ability of their PCs to open
such VBS files. Another factor is the increased awareness of viruses
and the damage they can do, experts said.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*
