New Trojan 2.0 Spreads by Camouflaging Web 2.0 Technology
Finjan, a supplier of web gateway security products, has reported after a careful study that trojans from China were infecting users' systems. The company's Malicious Code Research Center (MCRC) has found that groups engaged in malicious activity are distributing malware through a number of interconnected websites to beat conventional information security systems.
Yuval Ben-Itzhak, Finjan's Chief Technology Officer, told eWEEK that the MCRC recently spotted three different trojans using low-profile blogs to take commands from botnet operators or to transmit stolen data back to identity thieves. This was published on December 10, 2007.
Finjan calls this new Trojan "Trojan 2.0" and says it is at its first stage of development, as the security firm has found it in use only on blogs with limited popularity.
Trojan 2.0 might appear to be the latest in a long list of malware trading on the name recognition of Web 2.0. Finjan's name for the Trojan is not unfounded, however, as Trojan 2.0 takes advantage of Web 2.0 software and systems.
Further in its report, Finjan notes that it becomes difficult to block the Trojan's command and control behavior when the malware communicates over open channels. The commands sent to the trojans can easily be converted into an RSS message and delivered to a free RSS reader such as MyYahoo or Google Reader.
The report states that this is considered the first step in making the trojans' exchange of control messages appear authentic. InformationWeek published this on December 10, 2007.
The report explains that by routing its traffic through a trusted Web service, the Trojan keeps web security technology from shutting it down.
The command and control center could therefore be any RSS-based blog, the report notes. And taking down that one blog would have little impact as the Trojan could then be linked to another command and control feed.
Even though Trojan 2.0 is just emerging, Finjan thinks it will be a common Trojan variety in 2008.
In conclusion, Finjan says that staying protected from the Trojan 2.0 malware requires real-time inspection of data.
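The contrast the report draws, a filter that judges only the serving host versus inspection of what the feed actually carries, is sketched below as an added example that is not from Finjan's report. The allowlisted host, the sample feed and the base64 heuristic are assumptions; the page does not describe how the commands are encoded.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Hypothetical allowlist standing in for a URL-reputation filter.
TRUSTED_HOSTS = {"reader.example.com"}

# Constructed opaque blob; the real command encoding is not described on the page.
BLOB = base64.b64encode(b"constructed sample payload, not a real command").decode()

# Constructed feed: one ordinary post and one post carrying the blob.
SAMPLE_FEED = (
    "<rss version='2.0'><channel><title>Quiet blog</title>"
    "<item><title>Holiday photos</title>"
    "<description>We went to the lake and took some pictures.</description></item>"
    "<item><title>Update</title><description>" + BLOB + "</description></item>"
    "</channel></rss>"
)

B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def reputation_allows(url):
    """URL-reputation view: only the host is judged, never the content."""
    return urlparse(url).hostname in TRUSTED_HOSTS

def looks_encoded(text):
    """True if text holds a long run that decodes cleanly as base64."""
    for match in B64_RUN.finditer(text):
        token = match.group(0)
        if len(token) % 4:
            continue
        try:
            base64.b64decode(token, validate=True)
            return True
        except (binascii.Error, ValueError):
            continue
    return False

def inspect_feed(xml_text):
    """Content view: titles of items whose text carries an encoded blob."""
    # Use a hardened parser (e.g. defusedxml) for feeds fetched from the network.
    flagged = []
    for item in ET.fromstring(xml_text).iter("item"):
        fields = [item.findtext("title", ""), item.findtext("description", "")]
        if any(looks_encoded(f) for f in fields):
            flagged.append(item.findtext("title", ""))
    return flagged
```

A feed served from the allowlisted host passes `reputation_allows` regardless of its items, while `inspect_feed` still flags the item carrying the blob.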
» SPAMfighter News - 27-12-2007