
3 pronged Trojan attack threatens security on the web

Category: Anti Spyware Malware
Published: 02/12/2007, 13:05  
Editor: Security Software Zone
 

This is the credo behind the co-ordinated Trojan threat looming on the horizon. If you thought you had seen everything there was to see of virus threats, think again. Experts are saying this is "unprecedented", and could be the next big one.

"Glieder (Win32.Glieder.AK)", "Fantibag (Win32.Fantibag.A)" and "Mitglieder (Win32.Mitglieder.CT)" are not names of a modern day version of The Three Musketeers. These are Trojans engineered for a hacker attack that will infect computers and open them for use in further attacks.

Of the three, Glieder leads the initial charge. It sneaks past antivirus protection to download and execute files from a long, hard-coded list of URLs and "plant" the infected machine with "hooks" for future use. On Windows 2000 and Windows XP machines, it attempts to stop and disable the Internet Connection Firewall and the Security Center service (introduced with Windows XP Service Pack 2). Then the Trojan accesses the URL list to download Fantibag.

The way is now paved to launch the second stage of the attack. Sulabh, a tester with MicroWorld Technologies, says of Fantibag, "Now Fantibag goes about attacking the networking feature of the infected system to prevent it from communicating with anti-virus firms and denying access to the Microsoft Windows Update site. It closes your escape route by making it impossible to download an anti-virus solution and any subsequent Windows security patch to your system. Effectively it helps Mitglieder (the third stage Trojan) open the 'backdoor' by shutting the other doors on you."

Mitglieder puts the system under the complete control of the attacker by opening the 'backdoor' on a port. Through it the attacker can update the Trojan to stay a step ahead of attempts to remove it, download and execute files, initiate an SMTP server to relay spam, execute files on the infected computer, and download and execute files via a URL. "This is what makes it scary," says Aarti, Assistant Manager, QA, MicroWorld Technologies. "The fact that the system can now be used as a remote controlled 'soldier' (bot) in an army (botnet) of similarly compromised machines to launch criminally motivated attacks, causing harm to Internet users."
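The symptoms described above can be turned into a host triage check; this is an added example, not code from the article or from MicroWorld. It assumes saved `sc qc` and `netstat -an` output from the machine under review, and the service short names `SharedAccess` and `wscsvc`, the sample data and all function names are choices made for this example.

```python
import re

# Short names of the services the article says Glieder disables (assumed mapping).
WATCHED = {"SharedAccess": "Internet Connection Firewall", "wscsvc": "Security Center"}
# Constructed sample input, shaped like `sc qc <name>` and `netstat -an` output.
SAMPLE_SC = """\
SERVICE_NAME: SharedAccess
        START_TYPE         : 4   DISABLED
SERVICE_NAME: wscsvc
        START_TYPE         : 2   AUTO_START
"""
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1045          10.0.0.9:80            ESTABLISHED
"""

def parse_sc_qc(text):
    """Map each SERVICE_NAME to its START_TYPE keyword."""
    result, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        start = re.match(r"\s*START_TYPE\s*:\s*\d+\s+(\S+)", line)
        if name:
            current = name.group(1)
        elif start and current:
            result[current] = start.group(1)
    return result

def listening_tcp_ports(text):
    """Collect local TCP ports that are in the LISTENING state."""
    pat = re.compile(r"\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING")
    return {int(m.group(1)) for m in map(pat.match, text.splitlines()) if m}

def triage(sc_text, netstat_text, update_site_reachable, is_mail_server=False):
    """Return findings keyed to the three stages described in the article."""
    findings = []
    start_types = parse_sc_qc(sc_text)
    for svc, label in WATCHED.items():
        if start_types.get(svc) == "DISABLED":
            findings.append(f"stage 1: {label} ({svc}) is disabled")
    if not update_site_reachable:
        findings.append("stage 2: Windows Update site is unreachable")
    if 25 in listening_tcp_ports(netstat_text) and not is_mail_server:
        findings.append("stage 3: unexpected SMTP listener on TCP 25")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_SC, SAMPLE_NETSTAT, update_site_reachable=False)))
```

The article gives no backdoor port number, so the stage 3 check covers only the SMTP relay symptom. Any single finding can have a benign cause, so the value is in seeing them together on one host.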

Botnets formed this way can, among other things, use your machine to launch distributed denial-of-service attacks that overload servers until they crash, send out spam, spread new malware, plant keyloggers to retrieve personal information such as identity, passwords and account numbers, install spyware, manipulate online polls and games, abuse programs like Google AdSense to cheat advertisers of revenue, and install advertisement add-ons for financial gain, as in fake websites advertising services that don't exist.

"Botnets can even encompass over 50,000 host machines. The potential for mischief is huge," reflects Govind Rammurthy. "Such a three-pronged Trojan attack where attackers change their virus code and release viruses quickly to bypass virus signature scanners, then disable network access to deny the user link-ups to anti-virus and Microsoft Windows Update site for protection has huge significance for virus-signature based protection. It is a sign of things to come," he says, remembering the scramble at MicroWorld labs to update their products to detect and remove the three Trojans. Anti-virus updates for the three-pronged Trojan threat are available at the MicroWorld Technologies site.

Maybe the time for worrying about some pimply teenager turning out malicious code because they have nothing better to do on a nice sunny morning is over.

The world could be facing a determined organized crime syndicate that will stop at nothing to get what it wants: information precious to you. Take a look at the recommended trojan removal tools.
