Companies warn of mass Trojan distribution
By Paul Roberts, IDG News Service, 07/13/04

Anti-virus and e-mail security companies sent out warnings Tuesday about a Trojan horse program that they claim is being mass-distributed on the Internet using unsolicited commercial, or spam, e-mail.

The program, called Backdoor-CGT, is a new form of a Trojan horse installed after e-mail recipients using Microsoft's Outlook e-mail program follow a Web link embedded in an e-mail message. The Trojan horse is believed to have infected thousands of systems on the Internet since appearing early Tuesday, even though anti-virus software and up-to-date versions of Outlook are immune to attack, according to Maksym Schipka, senior anti-virus researcher at MessageLabs in the U.K.

MessageLabs received more than 3,600 e-mail messages with links to the Trojan horse during a two-hour period early Tuesday, the result of a massive and uncharacteristic spam distribution more than 10 times what is normal for such a program, he said. Trojan horse programs give remote attackers access to or control over machines on which they run, and often run unnoticed by computer users, or pose as legitimate software applications.

The Backdoor-CGT Trojan uses a "multistage" attack to place malicious code on victims' computers. After clicking on an e-mail link embedded in the spam message, victims go to a series of Web sites, each of which carries out one stage in the attack. The attack takes advantage of a now-patched flaw in Outlook called the "IFRAME" exploit to hide the Web site redirections from the user and silently download and install the Backdoor-CGT program, Schipka said.
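
A mail-gateway check for the pattern described above, added here as an example and not taken from the article or from any vendor: it flags HTML mail parts that embed an IFRAME and lists the hosts the message points at. The sample message, its host names, the function names and the quarantine policy are all constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkFrameParser(HTMLParser):
    """Collects IFRAME sources and anchor targets from one HTML body."""

    def __init__(self):
        super().__init__()
        self.iframes, self.links = [], []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...> matches.
        a = dict(attrs)
        if tag == "iframe":
            self.iframes.append(a.get("src") or "")
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])


def scan_message(raw: bytes) -> dict:
    """Return a verdict for one RFC 822 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parser = _LinkFrameParser()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    hosts = {urlparse(u).hostname for u in parser.iframes + parser.links}
    return {
        # Policy assumption: e-mail has no legitimate need for an IFRAME.
        "quarantine": bool(parser.iframes),
        "iframe_src": parser.iframes,
        "hosts": sorted(h for h in hosts if h),
    }


# Constructed sample; the hosts are reserved .example/.invalid names, not indicators.
SAMPLE = (b"From: a@mail.example\r\nTo: b@corp.example\r\n"
          b"Subject: special offer\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=us-ascii\r\n\r\n"
          b'<html><body><a href="http://offer.example/x">Click here</a>'
          b'<IFRAME SRC="http://stage1.invalid/"></IFRAME>'
          b"</body></html>\r\n")

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The returned host list is what a responder would feed into proxy or DNS log searches to find clients that followed the link.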

Once installed, Backdoor-CGT selects a communications port at random and opens it, creating a back door on infected systems that is used to communicate with a server on the Internet supposedly controlled by those behind the attacks. The Web site used by the compromised machines is registered in the .biz Web domain to an individual in the Czech Republic and was still online, though slowed by heavy traffic, on Tuesday, he said.

McAfee also released an advisory about the new Trojan program, also known as "SS," on Tuesday, but rated it "low," indicating it does not pose a great threat to either home or business users.

Other anti-virus companies did not immediately respond to requests for information about Backdoor-CGT and it was not clear whether other companies were aware of it, or whether other anti-virus software programs could spot the new malicious program.

However, before the Trojan program can be downloaded and installed, the attackers attempt to place a common version of another program, called a "dropper," that antivirus programs can spot, thwarting infections, Schipka said.

Microsoft Outlook users are advised to apply the latest software patch for the product to prevent infection, he said.

McAfee released software update files to detect the new Trojan program on Tuesday, according to the company advisory.

Security Products:

Astaro Security Gateway

Award-winning, rock-solid network security, simple and affordable.

"...exceptionally polished and extremely robust security gateway for a very reasonable price.... the most polished and easy to use Web-based management system we've seen to date." --- INFOWORLD

Astaro provides six essential security applications in one easy-to-manage package that protects organizations from hackers, viruses, worms, spam and other threats to security and productivity.

Astaro Security Linux offers: firewall, intrusion protection, e-mail virus protection, web virus protection, spam protection, VPN gateway, and URL filtering capabilities.

A unified management platform makes it easy to deploy, administer, and update a complete network security solution with surprisingly little cost and effort. The software can be installed on a standard Intel PC, or purchased pre-installed on a variety of security appliances.

Based on the best of open source security software, Astaro Security Linux has won numerous awards, and is in use on over 20,000 networks in 60 countries.

Astaro Security Linux is extremely scalable, with the ability to protect small office/home office and remote office through enterprise implementations, incorporating features such as high availability, VLANs, QoS and a configuration manager to manage multiple sites from a single management platform.

Prices start at $390 for a 10-user license. Educational discounts are available.

Intrusion Prevention Systems
Vulnerability Scanners
Firewalls: Astaro Security Linux, Netscreen, Checkpoint
Management
Virus Control: Astaro Security Linux, Mail Marshall
Content Filter: Astaro Security Linux
Services: Security audit; Perimeter Vulnerability Scan; Router/switch optimization for security; Firewall checking and configuration; VPN Design and Implementation; Network design; network based application analysis; Network Baselining; Security baselining

This mailing has been performed by Aavex Technology Corporation, 42w588 Still Meadows Lane, Elburn IL 60119 USA, 630-365-0025, in compliance with the "CAN-SPAM Act of 2003", approved and signed by the president of The United States of America on Dec. 16, 2003. For this reason, this email cannot be considered SPAM. This newsletter contains commercial advertisement.