Information Security News mailing list archives

Video Trojan hoax scares up publicity for security firm


From: William Knowles <wk () C4I ORG>
Date: Sat, 10 Jun 2000 10:50:18 -0500

http://www.theregister.co.uk/content/6/11290.html

By: Thomas C Greene in Washington
Posted: 10/06/2000 at 09:34 GMT

It sounded so very exciting on Friday: a relatively unknown computer
security firm called Network Security Technologies (NETSEC) was
rushing to meet with the FBI to discuss a devastating new Trojan they
had discovered joined to an .avi video file.

The Trojan, they said, was capable of infecting personal computers and
commandeering them to attack Web sites, resurrecting shades of the
media frenzy surrounding February's DDoS attacks.

Clearly, NETSEC had struck gold.

Yet on Saturday, the FBI's National Infrastructure Protection Centre
(NIPC) Web site remains strangely devoid of any mention of this
impending calamity, as does the Carnegie Mellon University Computer
Emergency Response Team (CERT) site.

Apparently, the wire services had got a few things wrong on Friday, no
doubt with NETSEC's gentle encouragement.

We now know that the video Trojan, which NETSEC dubbed 'Serbian
Badman' (ooohh, how scary that sounds), is actually known by the
tragically prosaic name 'Downloader' (aka Backdoor.ldr;
Downloader.Kit; Trojan.Win32.Loder.WPW; W95/Loader; and WWWPW).

It works by fetching, downloading and silently running another, and
quite familiar, Trojan called 'Sub7', which consists of a remote
server enabling a third party to control an infected computer.

We are terribly disappointed to report that the Sub7 server is not
capable of launching DDoS attacks, unless it has been updated
radically since the last time we, em, 'evaluated' it.

Meanwhile, Network Associates' McAfee site has condescended to run
some information on NETSEC's sensational new discovery, but what they
have to say sounds painfully familiar.

The Downloader Trojan "downloads another Trojan from the Internet and
runs it silently. The downloaded Trojan is identified as
'BackDoor-G2'" [aka Sub7].

"NETSEC alerted the Internet community about BackDoor-G2 by calling it
'Serbian Badman Trojan (TSB Trojan)'. News stories suggest that the
controlling Trojan which is downloaded is a new threat -- it is not.
Although the Trojan known as "Downloader" is new, the file downloaded
is a known Trojan."

In other words, NETSEC's discovery amounts to nothing more than a
publicity stunt by an opportunistic security firm in quest of free
advertising in the form of media attention.

The Register is shocked....shocked....to learn that media manipulation
is going on.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com

