Sophos: Protecting the world from The Pentagon
Published: 28 Nov 2005 16:05 GMT
...Sony Digital Rights Management rootkits, designed to cloak anti-piracy software on music CDs, has served to underline what is seen as a growing threat in the security community.
If the computer gets slower over time, or if the space on the hard drive becomes smaller and smaller, a company may suspect a rootkit has been installed on one of its machines. One way of detecting the presence of a rootkit is by observing which ports are being used to transmit data packets, especially if the open ports are associated with a particular vulnerability.
Another solution to the problem is to install a software tool that captures and displays the contents of packets going into and coming out of a PC. By monitoring this flow of data, it's possible to determine whether any illegitimate mail is being sent.
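As an added example that is not part of the article or of Sophos's tooling, the following Python sketch applies the two checks described above to a constructed per-connection log: it flags hosts that originate SMTP to many distinct destinations without being the site's mail relay (the "illegitimate mail" case), and hosts talking to a watchlisted port. The relay address, the port watchlist and the fan-out threshold are assumptions a site would set for itself.

```python
import re
from collections import defaultdict

# Constructed sample of a per-connection log (not from the article), one line per
# outbound connection: "src_ip dst_ip dst_port proto".
SAMPLE_LOG = """\
10.0.0.5 203.0.113.10 25 tcp
10.0.0.5 198.51.100.7 25 tcp
10.0.0.5 192.0.2.44 25 tcp
10.0.0.5 192.0.2.45 25 tcp
10.0.0.9 203.0.113.10 25 tcp
10.0.0.12 198.51.100.20 443 tcp
10.0.0.12 198.51.100.21 6667 tcp
10.0.0.3 203.0.113.10 25 tcp
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(\w+)$")

# Assumed site policy: only the designated relay may send SMTP outward.
MAIL_RELAYS = {"10.0.0.9"}
# Assumed watchlist of ports worth an alert on their own (IRC, a common
# bot-control channel of the era); the article leaves the list site-specific.
WATCH_PORTS = {6667: "irc"}
SMTP_PORT = 25
# Distinct SMTP destinations from one non-relay host before it is flagged.
SMTP_FANOUT_THRESHOLD = 3

def parse_log(text):
    """Yield (src, dst, port, proto) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            src, dst, port, proto = m.groups()
            yield src, dst, int(port), proto

def find_suspects(text):
    """Return {src_ip: [reasons]} for hosts whose traffic trips either check."""
    smtp_targets = defaultdict(set)
    reasons = defaultdict(list)
    for src, dst, port, proto in parse_log(text):
        if port == SMTP_PORT and src not in MAIL_RELAYS:
            smtp_targets[src].add(dst)
        if port in WATCH_PORTS:
            reasons[src].append(f"outbound {WATCH_PORTS[port]} on port {port} to {dst}")
    for src, targets in smtp_targets.items():
        if len(targets) >= SMTP_FANOUT_THRESHOLD:
            reasons[src].append(f"smtp to {len(targets)} distinct hosts from a non-relay")
    return dict(reasons)

for host, why in find_suspects(SAMPLE_LOG).items():
    print(host, "->", "; ".join(why))
```

On the sample, 10.0.0.5 is reported for SMTP fan-out and 10.0.0.12 for the IRC port, while the relay and the host with a single SMTP connection are left alone.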
Botnets
The growing number of botnets — PCs that are effectively hijacked by hackers and used in spam or denial of service attacks — is also a big problem. Users are usually tricked into installing the code, which hands control of their PC to hackers, not by clever software but by what is termed "social engineering".
"We've seen social engineering emails that claim to come from Microsoft tech support, with the same graphics and fonts used, claiming to contain a patch. When the file is opened, it contains an .exe that runs code and copies itself to a systems folder with a name like Mspg.32.exe, which makes it difficult to detect as there are so many legitimate files there with similar names," says Svajcer.
The malicious executable code allows the compromised computer to be controlled remotely. The person or persons controlling the bots usually creates a login that only they can use. This increases the saleability of the bot and protects it from being hijacked by any other hacker.
Sharing information
Given the massive amount of malware in circulation, most security companies have a policy of cooperation. Sophos shares information on the latest threats with the likes of F-Secure, McAfee, and Symantec. Newly identified viruses are exchanged using PGP encryption and occasionally even sent on CDs.
Customers also send information — either potentially malicious code, or sometimes code they have found on virus exchange Web sites. Some malicious code is even sent directly from the writers. An example of this is Phage, the first Palm Trojan that was sent to Sophos and other antivirus vendors in September 2000. The virus couldn't spread, but the writer publicised it in an effort to gain notoriety.
Virus writers
Other virus writers send works in progress, in the hope that a warning concerning their code will be put on antivirus vendors' sites.
Incomplete malware...