CERT (the US Computer Emergency Readiness Team) issued an alert today warning of heightened trojan virus attacks against companies and individuals. While there were numerous reports of slowdowns at various Web sites, the cause has largely been attributed to increased Web use following the Live8 multi-venue concert event and the terrorist bombings in London.
Ken Silva, chief security officer at Verisign, referred to the CERT alert and said the slowness among some corporate Web sites today is due to targeted trojan horse attacks.
Although trojan attacks that infiltrate computer systems aren’t new, CERT said the technique used in these latest attacks has two distinct elements that pose a threat to computing infrastructure and individual business operations.
First, the trojans can elude conventional protective anti-virus software and firewalls. A number of open source and tailored trojans, altered to avoid anti-virus detection, have been used.
Second, the e-mails are sent to specific or targeted recipients. Unlike “phishing” attacks, the e-mails use subject lines often referring to work or other subjects that the recipient would find relevant.
The e-mails containing the dangerous attachments, or links to Web sites hosting trojan files, are spoofed, making them appear to come from a colleague or reliable party. When opened, the file or link installs the trojan, which can be configured to transmit information to a remote attacker using ports assigned to a common service (e.g., TCP port 80, which is assigned to Web traffic) and thereby defeat firewalls.
Alertsite, a company that provides Web performance and security measuring and monitoring services, issued an alert today that the Web site of grocer Albertsons.com was down for over an hour. Also, the site for memory chip design firm Rambus was down briefly last night. Spokespersons for both companies were not immediately available to confirm for internetnews.com the cause of either outage.
CERT made twelve recommendations for system administrators in order to head off trojan horse attacks.
They include using an anti-virus scanner on all e-mail attachments; updating operating system and application software to patch vulnerabilities exploited in the past by these trojans; and turning off ‘Preview Pane’ functionality in e-mail clients and setting the default options to view opened e-mails as plain text.