CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
spacer spacer
image Beware!: New Breed of Trojan Raises Security Concerns image
Trojans
By Dennis Fisher
June 13, 2003

Security researchers believe they have identified a new breed of Trojan horse that is infecting machines on the Internet, possibly in preparation for a larger coordinated attack.

However, experts have been unable to pin down many of the details of the program's behavior and are unsure how many machines might be compromised by the Trojan. The program scans random IP addresses and sends a probe in the form of a TCP SYN request with a window size that is always 55808. Infected hosts listen promiscuously for packets with certain identifying characteristics, including that specific window size. Experts believe that other fields within the packet's header probably give the infected host information on the IP address of the controlling host and what port to contact the host on.

The Trojan is also capable of spoofing the source IP addresses for the packets it sends, making it much more difficult for researchers to track infected hosts. The program appears to scan IP addresses at a rate that enables it to scan about 90 percent of the IP addresses on the Internet in 24 hours, according to officials at Lancope Inc., an Atlanta-based security vendor. The company has seen the new Trojan on its own honeynet and has also observed it on the network at a university.

The company said it was alerted to the existence of the Trojan by an employee at a defense contractor and later notified both the FBI and the CERT Coordination Center. A spokesman for the FBI confirmed that the bureau was aware of the issue, but said there was little it could do unless there's an incident.

"Until something happens, the FBI is on the sidelines on this one," said Bill Murray, spokesman for the FBI in Washington. "There's not really anything to investigate."

Unlike typical Trojans, the new program does not have a controller e-mail address written into the source code.

Source: eWeek
Posted on Monday, 16 June 2003 @ 13:15:08 UTC by Paul (1386 reads)
[ Trackback ]		image

"Beware!: New Breed of Trojan Raises Security Concerns" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· HotScripts
· W3 Consortium
· More about Trojans
· News by Paul

Most read story about Trojans:
Newest WMF Exploit Patch Saves the Day
block bottom
Article Rating
spacer
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
206ppm 0.087s (0.005s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer