Trojan Horse - One Man's "Worst Case Scenario" Prediction

---------------------

This is a fictional article about a Trojan Horse virus, or you could say it is one man's prediction of a "worst case scenario". Because of the field I'm in, I maintain a personal list of my top 10 "worst case scenarios". Every time I perform a security assessment I run into something new or identify a situation that is ripe for a potential vulnerability. I think we could all agree that no respectable or ethical company would intentionally deliver a malicious piece of code as part of a helpful update solution. However, the reality is that human beings are behind technology, and human beings are unpredictable and fallible.

Many major operating system vendors have automatic update services. Many hardware vendors and other software packages have followed this trend, incorporating automated update services into their products. In some cases, the services for automatic updates run as the local "system" account. This account has the ability to access and modify most of the operating system and application environment. When automatic updates were relatively new, many people would perform the updates manually; however, as time has progressed, many now trust these services and allow the updates to proceed in a truly automated fashion.

The Final Step Before The Hammer Falls

---------------------

So let's expand upon our "worst case scenario". A new service pack is just about ready for release. The last step prior to public release is quality control / validation. The team of people performing this task includes a significantly disgruntled employee (or maybe he/she is going through a horrible life crisis and has not much to lose). When people are in pain or distress it is not uncommon for them to project this same feeling onto others in any way they can. So, instead of performing their job in the normal fashion, they decide to incorporate a malicious payload into the forthcoming update.

The First Step For The Trojan Horse: Evasion

---------------------

This payload has some unique characteristics, three to be precise. First, it is constructed in such a way as to not appear as something malicious. The anti-virus and anti-spyware programs currently on the market won't be able to detect it through anomaly detection techniques.

The Second Step For The Trojan Horse: Information Collection

---------------------

Secondly, it has been instructed to wait 12 hours before activating and then to start searching your computer and network for important files that may contain financial, healthcare, and other confidential information such as user accounts and passwords. It then sends this information to anonymous systems on the Internet. Because this "Trojan horse" has been incorporated into an automated update by someone with reasonable skills, it is instructed to perform the collection of data for only 12 hours. Given the number of global systems that allow automated updates, 12 hours should be more than enough. The person behind this realizes that someone will quickly identify that something malicious is going on and start to roll out a defense solution to halt the process.

The Final Step: Incapacitate

---------------------

Finally, the Trojan Horse will cease its data collection and deliver its final blow. Because of the level of system privilege it is running at, it modifies the communication protocols and services on the system to prevent any type of external communication to its local peers and external (Internet) hosts. It does this in such a way that the only immediate method to recover from this is a system roll-back, system repair, or restore from near-line media, such as tape or disk. And as far as system recovery is concerned, I can tell you that many people, even in corporate entities, do not perform the most basic steps to be prepared for a quick system disaster recovery. In some cases, some of the most important recovery services have been disabled because of a lack of system resources or disk space (which is amazing given how inexpensive disk space is these days).

What Could Be The Impact Of This "Trusted" Trojan Horse

---------------------

Just about every time you install a new application or piece of software you increase the time it takes to boot your PC and in some cases decrease its performance. One thing that drives me crazy is printing software. For the life of me I cannot understand how or why printer support software could total 400MB in size, but it sometimes does. Not only that, it tends to load all kinds of unnecessary real-time running applets. HP printers are notorious for this. Be very aware of what it is you are loading and only load those components that you need. Even some off-the-shelf software packages load adware and other not so helpful applets. Also, when you uninstall software, not all of the software gets uninstalled in many cases. One thing I suggest is to purchase a registry cleaner. This can dramatically decrease boot times and in many cases increase the overall performance of your PC.

People are already concerned about identity theft, or at least they should be. I recently spoke with a business associate who told me that even with everything he does to keep his identity secure he has been the victim of identity theft not once, but twice. If your user IDs, online accounts, passwords, financials, or other confidential information wind up on the Internet for any anonymous person to see, you can bet they will be used in a way that causes you problems. Even if only 10% of the global systems fell victim to this Trojan Horse, the cut-off of communications could cost businesses billions of dollars and potentially damage their reputation as "secure" institutions.

Conclusion

---------------------

If we don't think that this "worst case scenario" can happen, then we're kidding ourselves. Recently, one of the market leaders in the perimeter defense business had to recall a service pack because it contained a significant "bug" that could result in a security breach; a service pack that can be delivered through an intelligent update service. Obviously there has to be a certain level of trust between us, the consumers, and the vendors of the hardware and software we rely on. I'm not entirely sure what "fail-proof" solution can be put in place to prevent something like this from happening, although I'm sure there are quite a few checks and balances in place already. The bottom line is, if you or I can imagine a scenario like this, there is always a chance of it happening. In my case, I usually wait several days to apply new service packs and hot-fixes. Hopefully someone else will find the problem, correct it, and then I'll apply it.

You may reprint or publish this article free of charge as long as the bylines are included.
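As an added check tied to the article's point that automatic update services often run as the local "system" account: the PowerShell below, which is example code added here and not from the original article, enumerates the services on a Windows host that run as LocalSystem and reports who signed each service binary, so third-party update agents and helper services running at that privilege stand out for review. The function name Get-SystemAccountService, the regexes used to pull the executable out of the service command line, and the match of the signer subject against "Microsoft" are all assumptions made for illustration.

```powershell
# Added example (not from the original article): list the services on this host
# that run as the local system account and show who signed each service binary.
# Assumptions: the function name, the path-parsing regexes, and matching the
# signer subject against "Microsoft" are choices made here for illustration.
function Get-SystemAccountService {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName } |
        ForEach-Object {
            # PathName is the full service command line, for example:
            #   "C:\Program Files\Vendor\UpdateSvc.exe" -service
            #   C:\WINDOWS\system32\svchost.exe -k netsvcs
            # Take the quoted token if present, otherwise the first
            # whitespace-free token, then expand %SystemRoot%-style variables.
            $raw = $_.PathName
            $exe = if ($raw -match '^"([^"]+)"') { $Matches[1] }
                   elseif ($raw -match '^(\S+)') { $Matches[1] }
                   else { $raw }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            # Authenticode check on the binary that actually launches the service.
            $sigStatus = 'FileNotFound'
            $signer    = ''
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                $sigStatus = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            [pscustomobject]@{
                Name      = $_.Name
                StartMode = $_.StartMode
                State     = $_.State
                Path      = $exe
                SigStatus = $sigStatus
                Signer    = $signer
            }
        }
}

# Third-party services running as SYSTEM are the update agents and helper
# services the article is warning about; list those first.
Get-SystemAccountService |
    Where-Object { $_.Signer -notmatch 'Microsoft' } |
    Sort-Object StartMode, Name |
    Format-Table Name, StartMode, State, SigStatus, Signer, Path -AutoSize
```

Two caveats when reading the output: services hosted in svchost.exe show svchost's Microsoft signature rather than the signature of the service DLL they load, and an unquoted path containing spaces or a path given relative to the system directory will not resolve and is reported as FileNotFound. Treat the list as a starting point for deciding which auto-update services you are willing to leave running at system privilege, not as a verdict.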