Find White Papers
Home About Contact Help
Free Membership Member Login
Jul 18, 2008
View Popular Research Browse Topics Find Business Solutions RSS Feeds List Your Research
Search the Library                  Advanced Search

The Corporate Threat Posed by Email Trojans

GFI
By : GFI
INFORMATION
Published : Jan 02, 2007
Length : 9
Type : White Paper
 
Download Now
Save for Later
  Email This Page
Overview :

This white paper outlines what trojans are and why they pose a danger to corporate networks. As early as 2001, an eWeek article reported that tens of thousands of machines are infected with trojans. And this is fast on the rise. The alarming fact is that trojans can be used to steal credit card information, passwords, and other sensitive information, or to launch an electronic attack against your organization.

The white paper discusses the need for a trojan and executable scanner at mail server level in addition to a virus scanner, to combat this threat.
View All Items By This Company
Browse Related Categories :

Anti Virus

,

Email Archiving

,

Email Security

,

Internet Security

,

Intrusion Prevention

,

Network Security

,

Security Management
 
What is a trojan horse?

In the IT world, a trojan horse is used to enter a victim's computer undetected, granting the attacker unrestricted access to the data stored on that computer and causing great damage to the victim. A trojan can be a hidden program that runs on your computer without your knowledge, or it can be 'wrapped' into a legitimate program meaning that this program may therefore have hidden functions that you are not aware of.

What the attacker looks for

trojans can be used to siphon off confidential information or to create damage. Within the network context, a trojan is most likely to be used for spying and stealing private and sensitive information (industrial espionage). The attacker's interests could include but are not limited to:

- Credit card information (often used for domain registration or shopping sprees)

- Any accounting data (email passwords, dial-up passwords, Web services passwords, etc) - Confidential documents - Email addresses (for example, customer contact details) - Confidential designs or pictures - Calendar information regarding the user's whereabouts - Using your computer for illegal purposes, such as to hack, scan, flood or infiltrate other machines on the network or Internet.

Different types of trojans

There are many different types of trojans, which can be grouped into seven main categories. Note, however, that it is usually difficult to classify a trojan into a single grouping as trojans often have traits which would place them in multiple categories. The categories below outline the main functions that a trojan may have.

Remote access trojans

These are probably the most publicized trojans, because they provide the attacker with total control of the victim's machine. Examples are the Back Orifice and Netbus trojans. The idea behind them is to give the attacker COMPLETE access to someone's machine, and therefore full access to files, private conversations, accounting data, etc.

The Bugbear virus that hit the Internet in September 2002, for instance, installed a trojan horse on the victims' machines that could givehe remote attacker access to sensitive data.

Traditionally, trojans acted as a server and listened on a port that had to be available to Internet attackers. Attackers can now also make use of a reverse connection to reach the backdoored host so that they can reach the server even when it is behind a firewall. Some trojans can also automatically connect to IRC and can be controlled through IRC commands almost anonymously, without the attacker and the victim ever making a real TCP/IP connection.

Data-sending trojans (passwords, keystrokes etc.)

The purpose of these trojans is to send data back to the hacker with information such as passwords (ICQ, IRC, FTP, HTTP) or confidential information such as credit card details, chat logs, address lists, etc. The trojan could look for specific information in particular locations or it could install a key-logger and simply send all recorded keystrokes to the hacker (who in turn can extract the passwords from that data).

An example of this is the Badtrans.B email virus (released in the wild in December 2001) that could log users' keystrokes.

Captured data can be sent back to the attacker's email address, which in most cases is located at some free web-based email provider. Alternatively, captured data can be sent by connecting to a hacker's website - probably using a free web page provider - and submitting data via a web-form. Both methods would go unnoticed and can be done from any machine on your network with Internet and email access.

Both internal and external hackers can use data-sending trojans to gain access to confidential information about your company.

Destructive trojans

The only function of these trojans is to destroy and delete files. This makes them very simple to use. They can automatically delete all the core system files (for example, .dll, .ini or .exe files, and possibly others) on your machine. The trojan can either be activated by the attacker or can work like a logic bomb that starts on a specific day and time.

A destructive trojan is a danger to any computer network. In many ways, it is similar to a virus, but the destructive trojan has been created purposely to attack you, and therefore is unlikely to be detected by your anti-virus software.
Search the Library                  Advanced Search
Today's Popular Reports This Weeks Most Popular Reports Most Popular Topics Vendor Directory Home
About Us Contact Us List Your Papers Partner With Us Site Map