.: Trojan Horse Delivered In Automatic Update
Category:Home / Computers / Software
Trojan Horse - One Mans “Worse Case Scenario” Prediction
----------------------------
This is a fictional article about a Trojan Horse Virus, or you could say it is one mans prediction of a “worse case scenario”. Because of the field I’m in, I maintain a personal list of my top 10 “worse case scenarios”. Every time I perform a security assessment I run into something new or identify a situation that is ripe for a potential vulnerability. I think we could all agree that no respectable or ethical company would intentionally deliver a malicious piece of code as part of a helpful update solution. However, the reality is that human beings are behind technology and human beings are unpredictable and fallible.
Many major operating system vendors have automatic update services. Many hardware vendors and other software packages have followed this trend, incorporating automated update services into their products. In some cases, the services for automatic updates run as the local “system” account. This account has the ability to access and modify most of the operating system and application environment. When automatic updates were relative new, many people would perform the updates manually, however, as time has progressed, many now trust these services and allow the updates to proceed in a truly automated fashion.
The Final Step Before The Hammer Falls
--------------------------
So let’s expand upon our “worse case scenario”. A new service pack is just about ready for release. The last step prior to public release is quality control / validation. The team of people performing this task includes a significantly disgruntled employee (Or may he/she is going through a horrible life crisis and has not much to lose). When people are in pain or distress it is not uncommon for them to project this same feeling onto others in any way they can. So, instead of performing their job in the normal fashion, they decide to incorporate a malicious payload into the forthcoming update.
The First Step For The Trojan Horse: Evasion
--------------------------------------------------
This payload has some unique characteristic, three to be precise. First, it is constructed in such as way to not appear as something malicious. The anti-virus and anti-spyware programs currently on the market won’t be able to detect it through anomalous detection techniques.
The Second Step For The Trojan Horse: Information Collection
----------------------------
Secondly, it has been instructed to wait 12 hours to activate to start searching your computer an network for important files that may contain financial, healthcare, and other confidential information such as user accounts and passwords. It then sends this information to anonymous systems on the Internet. Because this “Trojan horse” has been incorporated into an automated update by someone with reasonable skills, it is instructed to only perform the collection of data for 12 hours. Given the number of global systems that allow automated updates, 12 hours should be more than enough. The person behind this realizes that someone will quickly identify that something malicious is going on and start to roll-out a defense solution to halt the process.
The Final Step: Incapacitate
-------------------------------
Finally, the Trojan Horse will cease it’s data collection and deliver it’s final blow. Because of the level of system privilege it is running at, it modifies the communication protocols and services on the system to prevent any type of external communication to its local peers and external (Internet) hosts. It does this in such as way that the only immediate method to recover from this is a system roll-back, system repair, or restore from near-line media, such as tape or disk. And as far as system recovery is concerned, I can tell you that many people even in corporate entities do not perform the most basic steps to be prepared for a quick system disaster recovery. In some cases, some of the most important recovery services have been disabled because of lack of system resources or disk space (which is amazing given how inexpensive this is anymore).
What Could Be The Impact Of This “Trusted” Trojan Horse
----------------------------------------
Just about every time you install a new application or piece of software you increase the time it takes to boot your PC and in some cases decrease its performance. On thing that drives me crazy is printing software. For the life of me I cannot understand how or why printer support software could total 400MB in size, but they sometimes do. Not only that, they tend to load all kinds of unnecessary real-time running applets. HP printers are notorious for this. Be very aware of what it is you are loading and only load those components that you need. Even some off-the-shelf software packages load adware and other not so helpful applets. Also, when you uninstall software, not all the software gets uninstalled in many cases. One thing I suggest is to purchase a registry cleaner. This can dramatically decrease boot times and in many cases increase the overall performance of your PC.
People are already concerned about identity theft, or at least they should be. I recently spoke with a business associate that told me that even with everything he does to keep his identity secure he has been the victim of identity theft not once, but twice. If your user id’s, online accounts, passwords, financials, or other confidential information winds up on the Internet for any anonymous person to see, you can bet it will be used in a way to cause you problems. Even if only 10% of the global systems fell victim to this Trojan Horse, the cut off of communications could cost businesses billions of dollars and potentially impact their reputation as “secure” institutions.
Conclusion
----------
If we don’t think that this “worse case scenario” can happen, then we’re kidding ourselves. Recently, one of the market leaders in the perimeter defense business had to recall a service pack because it contained a significant “bug” that could result in a security breach; a service pack that can be delivered through and intelligent update service. Obviously there has to be a certain level of trust between us, the consumer, and the vendors of hardware / software we rely on. I’m not entirely sure what “fail-proof” solution can be put in place to prevent something like this from happening. Although I’m sure there are quite a few checks and balances in place already. The bottom line is, if you or I can image a scenario like this, there is always a chance of it happening. In my case, I usually wait for several days to apply new service packs and hot-fixes. Hopefully someone else will find the problem, correct it, and then I’ll apply it.
You may reprint or publish this article free of charge as long as the bylines are included.
Original URL (The Web version of the article)
------------
http://www.defendingthenet.com/newsletters/TrojanHorseDeliveredInAutomaticUpdate.htm
About The Author
----------------
Darren Miller is an Information Security Consultant with over seventeen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to contact Darren you can e-mail him at Darren.Miller@defendingthenet.com. If you would like to know more about computer security please visit us at http://www.defendingthenet.com.
Article keywords: trojan horse, trojan horse virus, delete trojan horse, remove trojan horse, trojan horse picture, trojan horse removal, new trojan horse
Article Source: http://www.articles32.com
.: New Software Articles
1). What Your Spouse Might Not Want You To Know
Is your spouse or significant other extremely secretive about their computer habits?
2). Why Buy Anti Spyware Software When I Can Download it Free?
Many Spyware software packages are being sold on the Internet. Many other packages are listed for free. Why should you pay for something that might be free?
3). Free Spyware Adware Remover
Computers need routine maintenance as well as systems checks in order to be in good condition at all times. This can be done by getting the proper software or sending the unit to the shop.
4). Getting Free Internet Security for Your Computer
Surfing the Internet nowadays can be very dangerous. With all the viruses, spywares, adwares, identity thieves and hackers circulating for surfers to victimize, opening and downloading an attachment sent by your friend can be very scary.
5). What Are Your Children Doing Online?
In the Internet age, our children use the computer as much as or maybe more than their parents do. Kids use the Internet to do homework, play video games, converse with their friends and more.
6). Safe Guard Your Critial Business Documents
All types of commercial places, whether in the private, public or the government sector are now increasingly using computers for various possible functions.
7). How Folder Hider Software Works
Nowadays, a computer is being increasingly used in all types of settings, whether it is an office, a corporate house or domestic settings.
.: Top Software Articles
1). Track Your MySpace Profile Visitors
I know that everyone who is on MySpace has had the same burning questions that I’ve had. How can I see who has viewed my MySpace profile? Where can I find a MySpace Tracker? Since MySpace has become so popular, so have the MySpace profile stalkers. Could be your friends, neighbors, ex-boyfriends or ex-girlfriends, or even someone you don’t even know.
2). Discover Mozzila FireFox Browser -and How to Install Extensions
Discover Mozilla FireFox Extra Features – Extensions and How To Install Them
If you are still not using any other web browser then FireFox (no matter what OS you are using) you are endangering the security of your computer and missing out on a much richer surfing experience.
One of Mozilla FireFox browser most powerful feature is the possibility to install extensions.
3). PsP Software Downloads – Review for PsP Blender
PsP software downloads is a very good way to get new software for your psp hand held. You can get psp movies from many different websites. Most of these sites include psp music downloads, psp movie downloads and psp software downloads and of course PsP Games. Many of the databases are different from one site to another. Some sites offer a wide variety of different choices.
4). Tutorial - Enabling IIS 5.1 on Windows XP Pro
Windows XP Home Edition does not support IIS
1. You may need to put your Windows XP Pro CD into the PC.
2. Go to Control Panel, ‘Add Remove Programs’, then ‘Add/Remove Windows Components’. In the Windows Components window, place a check mark
beside ‘Internet Information Services (IIS)’, then click next, then click finish.
3. During installation, Windows creates a directory at C:inetpubwwwroot and places a few files there.
5). PsP Software – Review of Software Download Sites
PsP handhelds are one of the newest and most fun ways to play games, watch movies and listen to music. PsP software downloads are just some things that you can do to improve your psp. PsP software downloads are fun and easy.
There are many places on the net were one can find psp software downloads. Some sites have you pay per download and sometimes charge up to a couple dollars for each download.
6). What To Do When Windows Fail To Boot
Copyright 2006 Otis Cooper
When Windows fails to boot it is normally caused by you installing a program or device and it has caused a conflict with one or more other programs.
This will no doubt give you plenty of heartaches if you're not certain which program caused Windows to not boot up.
If you recently installed a program or application and know where it was installed,you may be in much better shape as for as correcting the error.
7). SQL Server 2000 Data Types
SQL Server requires that each variable and column in a table should be defined with respect to the type of data it will store. From a bit to a huge image and binary storage types, the allocation is supposed to help the user conform to the data required, and help the engine allocate space and processing speed efficiently.
Built-in data types
SQL.