CERT Warns on Latest Trojan Horse Attacks
Heightened Alert for New Targeted E-mail Viruses
David Needle
CERT (the US Computer Emergency Readiness Team) issued an alert Friday warning of heightened Trojan virus attacks against companies and individuals. While there were numerous reports of slowdowns at various Web sites, the cause has largely been attributed to increased Web use following the Live8 multi-venue concert event and the terrorist bombings in London.
Ken Silva, chief security officer at Verisign, referred to the CERT alert and said the slowness among some corporate Web sites late last week was due to targeted Trojan horse attacks.
Although Trojan attacks that infiltrate computer systems aren't new, CERT said the technique used in these latest attacks has two distinct elements, which pose a threat to computing infrastructure and individual business operations.
First, the Trojans can elude conventional protective anti-virus software and firewalls. A number of open source and tailored Trojans, altered to avoid anti-virus detection, have been used.
Second, the e-mails are sent to specific or targeted recipients. Unlike "phishing" attacks, the e-mails use subject lines often referring to work or other subjects that the recipient would find relevant.
The e-mails containing the dangerous attachments or links to Web sites hosting Trojan files are spoofed, making them appear to come from a colleague or reliable party. When opened, the file or link installs the Trojan, which can be configured to transmit information to a remote attacker using ports assigned to a common service (e.g., TCP port 80, which is assigned to Web traffic) and thereby defeat firewalls.
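The point about port 80 can be shown from the defender's side. The following is an added example, not part of the CERT alert or the original article: it compares a port-only egress rule with a check that the first bytes sent to port 80 are actually an HTTP request. The flow record layout, the allowed-port policy and the sample payloads are assumptions constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n"
)

ALLOWED_PORTS = {80, 443}  # assumed egress policy for this example


def port_filter_allows(flow):
    """Port-only firewall rule: checks the destination port and nothing else."""
    return flow["dport"] in ALLOWED_PORTS


def looks_like_http(payload):
    """True if the first bytes the client sent form an HTTP/1.x request line."""
    return REQUEST_LINE.match(payload) is not None


def triage(flows):
    """Return flows the port rule lets out whose port-80 payload is not HTTP."""
    return [
        f for f in flows
        if port_filter_allows(f)
        and f["dport"] == 80
        and not looks_like_http(f["first_bytes"])
    ]


# Constructed sample flows (documentation address ranges, made-up payloads).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "dport": 80,
     "first_bytes": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "192.0.2.11", "dst": "203.0.113.9", "dport": 80,
     "first_bytes": b"\x00\x01\x9fHOSTINFO|WS-0142|jdoe"},
    {"src": "192.0.2.12", "dst": "203.0.113.9", "dport": 6667,
     "first_bytes": b"NICK bot\r\n"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_FLOWS):
        print(f"non-HTTP traffic on port 80: {f['src']} -> {f['dst']}")
```

This check only catches raw, non-HTTP protocols sent to port 80; traffic wrapped in well-formed HTTP passes it and needs proxy logging or content inspection to spot.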
Alertsite, a company that provides Web performance and security measuring and monitoring services, issued an alert that the grocer Albertsons.com Web site was down for over an hour Friday. Also, the site for memory chip design firm Rambus was down briefly Thursday night. Spokespersons for both companies were not immediately available to confirm for internetnews.com the cause of either outage.
CERT made twelve recommendations for system administrators in order to head off Trojan horse attacks.
They include using an anti-virus scanner on all e-mail attachments, updating operating system and application software to patch vulnerabilities exploited in the past by these Trojans, turning off 'Preview Pane' functionality in e-mail clients, and setting the default options to view opened e-mails as plain text.