Cybercriminals Trick: Targeted Trojan-Containing Emails

Threats we ordinary Web users face online leave us no choice but learn. Haven't you noticed how many new things you learned lately? We are much better informed about malicious programs than just a year ago.

This section of our vocabularies grows rapidly: now we all know what a "keylogger" is,"worm" for us has something to do not only with zoology, nor a "Trojan Horse" with Ancient Greek literature. We are getting better at avoiding such scams as phishing, and this word doesn't look like a spelling mistake anymore.

We Web users are getting smarter -- at least the numbers from the recent survey by the Pew Internet and American Life Project say so. The study shows that 91% of respondents (adult Web users from the USA) have improved their online behavior in one way or another.

81% of respondents have become more cautious about e-mail attachments.

People are also avoiding certain Web sites (48%), using file-sharing networks less often (25%), and even switching browsers (18%).

But, alas? As Web users get wiser, cybercriminals become more insidious and commit more sophisticated crimes.

More people are now aware of a worm, virus or Trojan which might be hidden in a spam email attachment -- for cybercriminals it means that spam becomes less "effective" means of spreading malware.

Why they are spreading malware? What motivates them? Money, of course.

All security experts are at one in thinking that " cybercriminals are primarily motivated by financial gain". In other words, they prefer cash to fun. Instead of doing mischief just for the h? of it, they steal money. Big money.

Along with other unlawful activities, cybercriminals are actively hunting for valuable data that can be turned into cash. Stealing information needs contaminating as many PCs as possible with malicious programs. Most PC users now are aware of (or we even can say, almost got used to) the fact that Trojan horses can be included into e-mail messages, multimedia files or free knick-knackery like postcards, smileys and screensavers. We users know that many viruses, worms, and Trojan horses contain information-stealing (keylogging) modules.

Spreading malware as wide as possible that's what cyberthieves do in order to reach their treacherous goal. At least it was their main approach -- until recently, when crooks began to more intensively exploit a new tactic.

Targeting at Individual Addressees

On July 8, 2005 CERT (the US Computer Emergency Readiness Team), issued an alert warning about the rise of Trojan attacks of a new kind. Signs of these stealthy Trojan attacks, which were targeting specific firms to evade detection, have been detected for the last year. Targeted Trojan-horse attacks are a new trend in online threats, states the alert.

Trojan attacks by themselves aren't new, but CERT said this technique has two features that make it very dangerous, especially for businesses.

First, conventional anti-virus software and firewalls can't beat Trojans of this kind. These programs are "tailor-made". Source code of known Trojans, if altered, is unfamiliar to anti-viruses, and they can't detect it.

Any new variation of known malicious program is a new program for anti-viruses. There is a long way from detection of a piece of malware to the moment when an anti-virus or anti-spyware vendor is able to offer protection against it. This cycle takes time -- from several hours to a couple of days. When such a program is detected, its signature (piece of code) should be picked and included into an update. Only after all anti-virus or anti-spyware programs on all users' PCs are updated it is possible to protect them against this particular piece of malware. Poor consolation for those unlucky ones who were hit by a new kind of malware FIRST.

These e-mails contain dangerous malware-laden attachments, or links to web sites hosting Trojan horses. When such an attachment is opened or a link is clicked, a malicious program installs the Trojan onto the users' machines. These Trojans can be configured to transmit information via ports used for a common service, like TCP port 80, which is assigned to Web traffic. That's why firewalls are helpless against them.

Second, this time the e-mails are TARGETED -- sent to specific recipients. Their subject lines often have something to do with the user's work or interests.

What the criminal can do when the attachment is opened? He can: (Quote from the alert issued by US-CERT)

  • Collect usernames and passwords for email accounts
  • Collect critical system information and scan network drives
  • Use the infected machine to compromise other machines and networks
  • Download further programs (e.g., worms, more advanced Trojans)
  • Upload documents and data to a remote computer

CERT made recommendations for system administrators on how to prevent this kind of Trojan horse attacks. You can get the complete list from: http://www.us-cert.gov/cas/techalerts/TA05-189A.html

As for us ordinary Web users -- to lessen the risk of these attacks we all should:

  • use an anti-virus scanner on all e-mail attachments
  • update operating system and application software to patch vulnerabilities these Trojans exploited
  • set the default options in e-mail clients to view opened e-mails as plain text, i.e. turn off the "Preview Pane" functionality.

    And, of course, be more cautious about everything which appears in our inboxes.

    Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company. This company provides software capable of disabling even "tailor-made" information-stealing modules, which can be hidden inside spyware as well as viruses, worms and Trojans.

    Learn more -- visit the company's website http://www.anti-keyloggers.com

    In The News:

pen paper and inkwell


cat break through


Beware of Imitations! Security, Internet Scams, and the African Real Estate Agenda

Fishing on the Internet has come a long way. However,... Read More

An Open Letter From a So-called Stupid

Someone recently told me, "You would have to be a... Read More

Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing

The Internet offers a global marketplace for consumers and businesses.... Read More

Anti-Spyware Protection: Behind How-To Tips

There is no doubt that "how-to articles" have become a... Read More

How Can Someone Get Private Information From My Computer?

From the "Ask Booster" column in the June 17, 2005... Read More

Do You Know What your Kids Are Doing Online?

It's a sad statistic, but hundreds of unsuspecting kids are... Read More

Spyware Programs Are Out To Get You!

The average computer is packed with hidden software that can... Read More

Dont Allow Hackers to Take Out Money from Your Bank Account

If you know what is the 'Fishing' then it's very... Read More

New Mass Mailing Spamming Internet Trojan for the Windows Platform

May. 16th 2005 - MicroWorld has reported the discovery of... Read More

Make Money Online - Latest Scam Disclosed

Before we start, I want to make it clear that... Read More

Be Aware of Phishing Scams!

If you use emails actively in your communication, you must... Read More

Another Fine Mess!

I'm in the Anti-Spyware business, and I'm doing a lot... Read More

Mall Protection

The Loss Prevention Manager should be receptive to the needs... Read More

How to Prevent Online Identity Theft

Identity theft rates one of the fastest growing crimes in... Read More

Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Airport Menace: The Wireless Peeping Tom As a network... Read More

Wells Fargo Report Phishing Scam

First off I should explain what phishing is. Phishing is... Read More

Is That Free Stuff Like An iPod Or Desktop Computer Really Free?

Have you seen the web site, www.freestuff.com? Or have you... Read More

Remove Rogue Desktop Icons Created By Spyware

If you have used a Windows machine for a while,... Read More

Network Security 101

As more people are logging onto the Internet everyday, Network... Read More

How To Clean the Spies In Your Computer?

Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer... Read More

An Open Door To Your Home Wireless Internet Network Security?

This is not some new fangled techno-speak, it is a... Read More

How to Get Rid of New Sobig.F Virus?

As you know, this time the virus under the name... Read More

7 Ways to Spot a PayPal Scam E-Mail

Paypal is a great site and is used by many... Read More

Phishing - Learn To Identify It

Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More

How to Protect Your Child from the Internet

When the Internet first came about, it was realized it... Read More

Hacked: Who Else Is Using Your Computer?

A friend called me one day and asked if I... Read More

IPv6 - Next Step In IP Security

IPv6, IntroductionThe high rate at wich the internet continualy evolves... Read More

Is Shopping Online For Your Horse Gifts Safe?

Shopping for horse gifts or other gift items on the... Read More

Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Is your enterprise following the rules?The bulk of financial information... Read More

Phishing-Based Scams: A Couple of New Ones

Phishing in its "classic" variant is relatively well-known. Actually, 43.4... Read More

Traditional Antivirus Programs Useless Against New Unidentified Viruses!

Every now and then you can read about a new... Read More

The Truth About Hiding Your Tracks on the Internet

Ok, ok, I know you've seen them. All those pop... Read More

DOS Attacks: Instigation and Mitigation

During the release of a new software product specialized to... Read More