Trojan horse

Malware comes with bogus airline ticket email

Judi Hasson — Tue, 29 Jul 2008 21:19:34 -0400

Those nasty folks seeking to infect computers and steal data are quite ingenious and never seem to be at a loss for new devious ways to gain entry and conduct their dirty work. Now comes the news that airlines, including Delta and Northwest, have warned customers that bogus emails posing as ticket invoices contain malware and should be deleted.

The emails, according to a report at InfoWorld.com, appear to be from an airline, thank the recipient for using a new "Buy flight ticket Online" service on the airline's site, provide a login user name and password, and say the person's credit card has been charged for an amount around $400.

If the attachment containing an invoice is opened, a Trojan horse is unleashed that steals information, including keystrokes from the infected Windows PC, and transmits the data to a server hosted in Russia, according to a threat researcher from McAfee.

For more on this new threat:
- see this InfoWorld article

Trojan infects 500,000 PCs

Mon, 12 May 2008 06:59:59 -0400

A Trojan spreading through bogus MP3 files on popular peer-to-peer networks has infected more than a half-million computers, according to researchers at McAfee's Avert Labs. The company first reported a Trojan, known as Downloader-UA.h, on May 6, on about 26 percent of the approximately 2 million computers scanned.

The Trojan is spreading through MP3 and MPG files disguised to look like audio or video recordings. So be alert, protect your systems, and warn company employees to be be careful what they download onto the company system.

For more on this threat
- see this eweek.com article

Hackers hide behind Olympics

Mon, 28 Apr 2008 06:59:59 -0400

CIO's beware. The latest security threat may be coming: emails using the Olympics as a cover to hide malicious Trojans that elude most antivirus programs. These email attacks mostly originate from Asia, in some cases claiming to be to be from the International Olympic Committee, and are highly destructive. Security experts at MessageLabs, a company that scans email messages for hostile content and provides Web security, have found more than a dozen Olympic-themed attacks over the past six months. They have targeted different industries with Trojan attachments that could allow the attacker to conduct corporate espionage.

Mark Sunner, chief security analyst at MessageLabs, said the attacks have shifted from Microsoft Word documents to new types of Microsoft files where the intrusions are much less likely to be detected by traditional antivirus engines. "The emerging targeted attacks are more unseen" and antivirus programs are likely to be insufficient, he said.

For more on hackers masquerading behind Olympics:
- See this CIO Today article

Google tries to sneak one past IT

Fri, 08 Feb 2008 06:59:58 -0500

During the last year, we've seen Google slowly sneaking into the enterprise, with a series of solutions that bring the company's web-based consumer technologies into a corporate environment. Just this past week, we saw the latest such product from Google, an email security/discovery suite based on Postini technology. Despite Google's best efforts, however, we haven't exactly seen enterprises rushing to deploy Google's software, which has proven quite popular with consumers. So, what's a Google to do? Why, sneak its software into the corporate world, of course.

The company's latest enterprise product, Google Apps Team Edition, is a version of Google Apps that's designed for corporate users but can be used without the IT department's knowledge. "Current business versions of Google Apps are linked to an organization's Internet domain and therefore require IT approval and at least some degree of administration," Ars Technica writes. "Team Edition eschews this approach, and allows end-users to create sharing workgroups so long as the individuals in question have valid e-mail addresses within the employer's Internet domain."

So, what's the big idea? Seems like Google is aiming to use GATE as a sort of Trojan horse--a way of convincing businesses to deploy Google Apps. "Google Apps has been, by definition, an IT project, and now we want to let people use it without IT involvement," Google Apps senior product manager Rajen Sheth said. "The IT department always has the option to sign up for the Standard Edition for free if they want to provide control over this. This is a solid, happy medium."

For more on Google's sneaky new product:
- see this Ars Technica article

ALSO NOTED: ERP is a legacy system; Top execs want mobile Internet

Tue, 08 May 2007 20:01:38 -0400

> Call a spade a spade: ERP is a legacy system. Blog

> Top execs crave Internet on the move. Article

> States pushing through IT consolidation. Article

> Sarbanes-Oxley advice for smaller public companies. Column

> A new Trojan Horse is impersonating Windows reactivation and anti-piracy messages. Article

> Directors now favor internal candidates for CEO positions. Article

> Microsoft to release DNS security patch. Article

> The state of Ubuntu 7.04 is strong. Review

> Steps to tracking data copies. Article

And Finally… Getting IT bullies to behave. Article

Face threats head on

Wed, 24 Jan 2007 19:01:38 -0500

Even with the requisite complement of data protection software, your data and networks might not be as secure as you think, thanks to more aggressive, smarter viruses and other security threats. One type of "smart" attack can occur within root kits, a type of Trojan horse software implanted into a computer to capture passwords and message traffic. These attacks will allow a virus to make its way into the depths of the operating system, allowing it to interfere with the anti-virus software before it has a chance to detect the threat. Other emerging threats include embedded image spam, more threats around Voice over IP (VoIP), and malicious code concealed in video content.

Read on for more threats to your business:
- see the article at Vnunet.com
- and for even more information, check out this article at SpywareHunter

ALSO NOTED: Tech sector outlook brightens; Storm Trojan is a serious issue;

Tue, 23 Jan 2007 19:01:38 -0500

> Tech sector brightens its outlook. Report

> Storm Trojan: worst outbreak since 2005. Report

> Intel speeds up delivery of faster WiFi. Report

> Mobile networks will take the lead in establishing IP multimedia subsystem (IMS)-based next-generation networks and in introducing next-generation applications. Report

And finally… Protect your systems from Storm Worm. Article

Hussein hanging is new phishing lure

Mon, 08 Jan 2007 19:01:37 -0500

The security experts are right when they say that phishers and hackers are getting smarter every day. That's because they obviously keep track of big news and top search engine topics, as evidenced by a phishing attack that uses the Saddam Hussein execution video as a lure. An email claiming to provide a video clip of the execution also comes with a lethal Trojan attached to it, which once released, lets out a spyware keylogger that can steal data such as banking passwords and login information.

For more on the latest phishing hook:
- check out the news at TechWeb

Trojan bolsters botnet powers

Sun, 17 Dec 2006 19:01:39 -0500

The battle against spam is getting tougher thanks to more advanced technology like sophisticated botnets that can detect when a compromised server has been taken down, which then target the next vulnerable server. According to recently-published research, the new, intelligent botnet is tied to a Trojan called SpamThru.

For more on the latest spam Trojan:
- read the news at TechWeb

Related Article: U.K. also feels the pain of botnets. Article

ALSO NOTED: Microsoft adds a "shield" against phishing in latest IE version; New Yahoo upgrade also boasts a Trojan surprise; a

Sun, 17 Dec 2006 19:01:33 -0500

> Microsoft adds a "shield" against phishing in latest IE version. Article

> New Yahoo upgrade also boasts a Trojan surprise. Article

> Big Yellow worm requires patch for Symantec flaw. Article

> Analysts see the peak of the blogging craze coming next year. Article

> 2007 will be the year hackers aim at phones, social sites and messaging. Article

> Analyst: Big companies aim to cut IT spend next year. Article

And Finally... Some gift ideas for today's tech leaders in the news. Article