Until recently, the majority of massive virus attacks had been caused by a particular type of virus known as ‘worms’. Many of their victims will remember all too well worms such as Melissa, Loveletter, Sircam or, more recently, Klez and SQLSlammer. Worms have not been the only culprit, however. To a lesser extent, ‘traditional’ viruses like CIH or Code Red have also achieved notoriety by causing infections worldwide.
However, there is another kind of malicious code which, until now, had not been associated with these kinds of epidemics: Trojans. Unlike other viruses, Trojans do not reproduce themselves by infecting other files, but rather install themselves surreptitiously on computers. By and large, these ‘viruses’ are designed to steal confidential information, such as passwords, databases and credit card details, from infected computers, or to create backdoors through which hackers could take remote control of the computer.
With the exception of the widely publicized BackOrifice, Trojans go largely unnoticed by the general public, given the discreet nature of their actions. However, in the last six months there has been a notable increase in the use of this type of malicious code to cause widely distributed attacks.
This has been achieved largely by Trojans with a number of characteristics more usually associated with worms. Bugbear, for example, was able to spread rapidly via e-mail and at the same time, drop the Trojan PSW.Bugbear, giving attackers remote control of the affected computer.
Wide-scale infections using Trojans have also been initiated by attacking download servers and replacing original files with infected copies, with unfortunate consequences for those who unwittingly download the files from the server. Unix systems in particular have suffered attacks of this kind exploiting certain distributions of Sendmail, OpenSSH and tcpdump/libpcap.
According to Luis Corrons, head of Panda Software’s Virus Laboratory, “There is a daily increase in the number of new Trojans appearing. This could be down to virus creators trying to exploit the fact that users are not normally too worried by this kind of virus. For this reason, it is not out of the question that in the near future we will witness attempts at large-scale attacks based on this kind of malicious code.”
To avoid attacks from Trojans, Panda Software recommends using a good antivirus with daily updates. If, like Panda Antivirus Platinum 7.0, the antivirus includes a personal firewall, protection against Trojans is enhanced, as attempts to open backdoors in the computer can be blocked.