Describing what trojans are and why they pose a danger to corporate networks, this paper discusses the need and method to protect your network from the threat of trojans.
The corporate threat posed by email
trojans
How to protect your network against trojans
Describing what trojans are and why they pose a danger to corporate networks, this paper discusses the need and method to protect your network from the threat of trojans.
WWW.GFI.COM The corporate threat posed by email trojans . 2
Introduction This white paper outlines what trojans are and why they pose a danger to corporate networks. As early as 2001, an eWeek article reported that tens of thousands of machines are infected with trojans. And this is fast on the rise (InternetWeek.com, January 2004). The alarming fact is that trojans can be used to steal credit card information, passwords, and other sensitive information, or to launch an electronic attack against your organization. The white paper discusses the need for a trojan and executable scanner at mail server level in addition to a virus scanner, to combat this threat.
Introduction....................................................................................................................................2 What the attacker looks for............................................................................................................2 Different types of trojans ...............................................................................................................3 How can I get infected?.................................................................................................................5 How to protect your network from trojans .....................................................................................6 Malicious executable analysis - Trojan & Executable Scanner.....................................................7 Gateway protection........................................................................................................................8 About GFI ......................................................................................................................................9
What is a trojan horse? In the IT world, a trojan horse is used to enter a victim's computer undetected, granting the attacker unrestricted access to the data stored on that computer and causing great damage to the victim. A trojan can be a hidden program that runs on your computer without your knowledge, or it can be 'wrapped' into a legitimate program meaning that this program may therefore have hidden functions that you are not aware of. (For a quick look at how trojans work, please visit http://kbase.gfi.com/showarticle.asp?id=KBID001671).
What the attacker looks for trojans can be used to siphon off confidential information or to create damage. Within the network context, a trojan is most likely to be used for spying and stealing private and sensitive information (industrial espionage). The attacker's interests could include but are not limited to:
. Credit card information (often used for domain registration or shopping sprees) . Any accounting data (email passwords, dial-up passwords, Web services passwords, etc) . Confidential documents . Email addresses (for example, customer contact details) . Confidential designs or pictures . Calendar information regarding the user's whereabouts . Using your computer for illegal purposes, such as to hack, scan, flood or infiltrate other machines on the network or Internet.
WWW.GFI.COM The corporate threat posed by email trojans . 3
Different types of trojans There are many different types of trojans, which can be grouped into seven main categories. Note, however, that it is usually difficult to classify a trojan into a single grouping as trojans often have traits which would place them in multiple categories. The categories below outline the main functions that a trojan may have.
Remote access trojans These are probably the most publicized trojans, because they provide the attacker with total control of the victim's machine. Examples are the Back Orifice and Netbus trojans. The idea behind them is to give the attacker COMPLETE access to someone's machine, and therefore full access to files, private conversations, accounting data, etc.
The Bugbear virus that hit t... [download for more]
