Skip to comments.
New Breed of Trojan Raises Security Concerns (IMMINENT CYBER ATTACK)
www.eweek.com ^
| June 13, 2003
| Dennis Fisher
Posted on 06/17/2003 6:47:22 PM PDT by Nexus
Edited on 04/13/2004 2:58:58 AM PDT by Jim Robinson.
[history]
Security researchers believe they have identified a new breed of Trojan horse that is infecting machines on the Internet, possibly in preparation for a larger coordinated attack.
However, experts have been unable to pin down many of the details of the program's behavior and are unsure how many machines might be compromised by the Trojan.
(Excerpt) Read more at eweek.com ...
TOPICS: Business/Economy; Crime/Corruption; Foreign Affairs; Front Page News; Government; News/Current Events; War on Terror
KEYWORDS: cert; computervirus; cybersecurity; fbi; ipaddress; lancope; portscan; techindex; tinfoil; trojan; trojanhorse; virus; wot
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-80 ... 161-165 next last
To: Bloody Sam Roberts
BTW, I don't know when my Norton autoupdates. I thought daily.
In any case, for good measure, I went to LIVEUPDATE and it downloaded a couple or 3 packets of update. At least one required a reboot.
Perhaps it would be wise to order your Nortons to do the same, group.
41
posted on
06/17/2003 9:02:16 PM PDT
by
Quix
To: rdb3; ewing; hchutch; Poohbah; Sabertooth; Howlin; JohnHuang2
Might be tin foil, but I've got a weird feeling about this one...
42
posted on
06/17/2003 9:05:57 PM PDT
by
mhking
To: rwfromkansas
43
posted on
06/17/2003 9:06:38 PM PDT
by
Ernest_at_the_Beach
(Recall Gray Davis and then start on the other Democrats)
To: rwfromkansas
They forgave him with Sept. 11, but now that he has promised we are safe, they may not be so forgiving. He never said that
44
posted on
06/17/2003 9:08:37 PM PDT
by
Mo1
To: Ernest_at_the_Beach
45
posted on
06/17/2003 9:09:02 PM PDT
by
Ernest_at_the_Beach
(Recall Gray Davis and then start on the other Democrats)
To: rwfromkansas
46
posted on
06/17/2003 9:11:34 PM PDT
by
Ernest_at_the_Beach
(Recall Gray Davis and then start on the other Democrats)
To: Nexus
Your post and the eweek story leave out the fact that the trojan has to get onto the hosts in the first place. So it doesn't matter if it scans 90%, 99%, or 0.09% of all the hosts on the internet because it's not scanning to get onto them, only to talk to its siblings if they are there. And the chances of it being on any particular host are very small.
47
posted on
06/17/2003 9:14:38 PM PDT
by
palmer
(Plagiarism is series)
To: rwfromkansas
48
posted on
06/17/2003 9:21:56 PM PDT
by
Ernest_at_the_Beach
(Recall Gray Davis and then start on the other Democrats)
To: Nexus
...said Bill Murray, spokesman for the FBI in Washington...
To: Nexus
RE #6
Thanks for the reminder. I will check my computer, too, just in case. Out of curiosity, which message board should I go to get hold of such a discussion? Please let me know.
To: Nexus
Beump
To: Nexus
bump
52
posted on
06/17/2003 9:28:38 PM PDT
by
Centurion2000
(We are crushing our enemies, seeing him driven before us and hearing the lamentations of the liberal)
To: Nexus
This is a TOTALLY BOGUS REPORT
This is a press release hyping a product that somehow ended up in "news" articles.
I won't go into the technical side of things, but basically this article is a load of crap.
Controller "e-mail address?" ha ha ha ha. Trojan horse? Ha ha ha ha ha ha. Wow it's "scanned the internet" since this article was published! We're all in for it now!!! The "spoofing" bit gives it away too.
Nothing like this is on any of the incident reporting mailing lists.
http://isc.incidents.org/ HOAX HOAX HOAX HOAH HOAX
53
posted on
06/17/2003 9:31:44 PM PDT
by
adam_az
To: adam_az
What product?
54
posted on
06/17/2003 9:40:46 PM PDT
by
Ernest_at_the_Beach
(Recall Gray Davis and then start on the other Democrats)
To: adam_az
Article appears here also:
55
posted on
06/17/2003 9:47:28 PM PDT
by
Ernest_at_the_Beach
(Recall Gray Davis and then start on the other Democrats)
To: rwfromkansas
I wonder what the heck good a virus software is if it won't catch them though.What the heck good is a trojan if it can't get around Norton.
56
posted on
06/17/2003 9:58:49 PM PDT
by
D-fendr
To: Ernest_at_the_Beach
It's the SAME ARTICLE!!!!
57
posted on
06/17/2003 9:59:25 PM PDT
by
adam_az
To: adam_az
Yes, it's the site that gives it some credence!
58
posted on
06/17/2003 10:01:04 PM PDT
by
Ernest_at_the_Beach
(Recall Gray Davis and then start on the other Democrats)
To: adam_az
Here is a different article:
Is a new Trojan horse at the firewall? -
Government Computer News Website
_________________________________________________________________
Article follows
__________________________________________________
06/10/03
Is a new Trojan horse at the firewall?
By William Jackson
GCN Staff
IT security professionals have found evidence that a stealthy new Trojan horse is infecting networks.
Traffic apparently generated by the as-yet-unnamed malware was first reported in May by a security analyst for a Defense Department contractor, said Chris Hovis, director of product marketing for Lancope Inc. of Atlanta. Lancope announced Monday it had confirmed the behavior of suspicious packets on its own honeynet and on the network of a large university.
The TCP SYN packets are characterized by a window size in the packet header of 55808. No infected machines have been found, but the Trojan horse apparently listens for packets with this value, which Hovis said are believed to contain encrypted instructions for communicating with controllers.
Based on the activity that we have seen, which looks like probes from zombie hosts, there are likely infected machines that are looking for that identifier, Hovis said.
Because the code of the Trojan horse itself apparently does not include communication instructions, they are difficult to detect with signature based antivirus software. Lancope has described it as a third generation Trojan horse and said the FBI and the CERT Coordination Center at Carnegie Mellon University had been notified.
CERT would not comment on the report, but said there is nothing significantly different about the threat described by Lancope.
There is nothing there that hasnt been seen before, said Mary Lindner, CERT team leader for incident handling. Every one of these is an event, but the barometer is not rising.
Hovis said the Trojans purpose is unclear, as is how widely it is distributed. At the current level of activity the suspicious packets could probe all IP addresses on the Internet every 27 hours.
System administrators can use tools such as TCPdump, a program that monitors and filters TCP activity, to find out if machines on their networks are sources of the telltale probes. Systems can also be monitored for aberrant behavior, such as unusual amounts of traffic or new ports and services being opened.
59
posted on
06/17/2003 10:09:47 PM PDT
by
Ernest_at_the_Beach
(Recall Gray Davis and then start on the other Democrats)
To: Nexus
"6:00 GMT June 19th is 1 AM EST Friday morning, I believe."
Well it is 05:23 June 18th GMT right now, so I think maybe it would be THURSDAY morning, not Friday. However, the very reliable forum I read said it would be "the sixth hour at night GMT" and I would interpret that as being 18:00 GMT on June 19th.
Check out this site to see what time it is right now GMT
http://greenwichmeantime.com/
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61-80 ... 161-165 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson