Comments
Trojan lurks, waiting to steal admin passwords
Writers of a password-stealing Trojan horse program have found that a little patience can lead to a lot of infections.
View full article »
Free books
Build your tech library with our book giveaways.
Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne
The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!
An interesting post but...
An interesting post but... it would be of greater value if it suggested ways to determine if a PC is infected with the malware, or at least linked to a source that could provide that guidance.Thank you,
Dan
I heartily agree with the
I heartily agree with the previous poster. At minimum, a brief mention should have been made of how the malicious software was detected; for example, would any "standard" anti-virus software find it. Probably not since the infection was so wide-spread. So just how was it detected?Symantec has issued five
Symantec has issued five updates with virus definitions to detect the coreflood trojan. Also CNET ran an article that further explains the coreflood trojan.The author did a good job in explaining how this trojan works and alerting more admins on the dangers. It is our jobs to do the research to find out how to keep our networks secure.
I heartily agree with the
I heartily agree with the previous poster. At minimum, a brief mention should have been made of how the malicious software was detected; for example, would any "standard" anti-virus software find it.Good points, guys. I asked Joe Stewart about detection and he said that it's tough. There are so many variants of malware out there that AV companies are having a hard time keeping up. Here's what Joe said to me:
Detection is available in _some_ products for _some_ variants. No AV covers it 100% of the time, and even those that do a good job of getting samples and updating their detection have a delay between the release and the discovery, giving the bad guys plenty of time to spread
it around. Hundreds of variants of this trojan have been released. We know this because the trojan author updates the version information in the debug strings with each build.
Another thing that compounds the problem is the fact that the initial drive-by exploit delivers a different, smaller trojan, which then downloads Coreflood at a later date, on command by the controller. So even if the AV companies know about the first-stage trojan, unless they are monitoring a live infection and all the subsequent downloads, they may miss the Coreflood install. Then, even if the first-stage trojan is eventually detected and removed by AV, Coreflood is still left running.