Trojan network threat.

GFI have released a white paper to help network administrators tackle the growing problem of Trojans, which are increasingly being used to steal credit card data, passwords, and other sensitive information, and to launch electronic attacks against targeted organizations. The white paper outlines what Trojans are, why they pose a danger to corporate networks, and how to protect against them. It can be viewed at www.gfi.com/mailsecurity/wptrojans.htm.

What a Trojan is and why it poses a threat to organizations

A Trojan horse is used to enter a victim's computer undetected, granting the attacker unrestricted access to the data stored on that computer. A Trojan can be a hidden program that runs on the victim's computer without his knowledge, or it can be 'wrapped' into a legitimate program, which includes hidden functions of which the victim is unaware. In the corporate world, Trojans are mainly used to siphon off confidential information (industrial espionage) or to cause damage.

GFI's white paper describes the seven main types of Trojan and explains how a network can be infected by a Trojan via an email attachment or a downloaded file.

Why an anti-virus engine does not provide all the protection required

Protection against Trojans is a must. Yet basic security software such as an anti-virus engine does not provide an adequate safeguard against Trojans: the paper explains that although most virus scanners detect some public/known Trojans, they are unable to scan for unknown Trojans. This is because anti-virus software relies mainly on recognizing the "signatures" of each Trojan. Yet, because the source code of many Trojans is easily available, a more advanced hacker can create a new version of a Trojan, the signature of which is unknown to any anti-virus scanner. If the person planning to attack you finds out what anti-virus software you use, for example through the automatic disclaimer added to outgoing emails by some anti-virus engines, he will then create a Trojan specifically to bypass your virus scanner engine, the white paper points out. Also, apart from failing to detect unknown Trojans, virus scanners do not detect all known Trojans either: most virus vendors do not actively seek new Trojans, and research has shown that virus engines each detect a particular set of Trojans.

How to protect a network from Trojans

The white paper proposes that to detect Trojans, one must use a multi-level strategy: deploy multiple virus scanners at the gateway, which would increase the percentage of known Trojans caught; and use content security with executable analysis to detect potentially malicious executables, analyse what they might do and prevent unknown Trojans from entering the network. Detecting unknown Trojans can be done by manually reviewing each incoming executable; yet this is a tedious and time-intensive job that can be subject to human error. Therefore it is better to automate the process by means of a Trojan and executable scanner that can intelligently analyze what each executable does and how dangerous it is. A Trojan and executable analyzer disassembles the executable and detects in real time what it might do. It compares these actions to a database of malicious actions and then rates the risk level of the executable. This way, potentially dangerous, unknown or one-off Trojans may be detected. www.gfi.com/dsec/
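The rating step described above, as an added example that is not GFI's code: instead of disassembling, this simplified sketch searches an attachment for the names of Windows API functions it references, maps them to behaviours, and rates the file. The action database, weights, combination bonuses and thresholds are constructed assumptions.

```python
import struct

# Constructed action database: real Win32 API names mapped to the behaviour
# they suggest and an illustrative weight (the weights are assumptions).
ACTION_DB = {
    b"CreateRemoteThread": ("inject", 40),
    b"WriteProcessMemory": ("inject", 30),
    b"SetWindowsHookExA": ("keylog", 30),
    b"GetAsyncKeyState": ("keylog", 25),
    b"RegSetValueExA": ("persist", 15),
    b"InternetOpenUrlA": ("network", 15),
    b"WSAStartup": ("network", 10),
}
# Behaviour pairs that are more suspicious together than apart (assumed bonuses).
COMBOS = {frozenset({"keylog", "network"}): 30, frozenset({"inject", "persist"}): 20}

def is_pe(data: bytes) -> bool:
    """Check the MZ magic and the PE signature that e_lfanew (offset 0x3C) points to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"

def rate_executable(data: bytes) -> dict:
    """Score an attachment by the risky API names it references."""
    if not is_pe(data):
        return {"executable": False, "score": 0, "level": "n/a", "behaviours": []}
    hits = {name: ACTION_DB[name] for name in ACTION_DB if name in data}
    behaviours = {b for b, _ in hits.values()}
    score = sum(w for _, w in hits.values())
    score += sum(bonus for pair, bonus in COMBOS.items() if pair <= behaviours)
    level = "high" if score >= 60 else "medium" if score >= 25 else "low"
    return {"executable": True, "score": score, "level": level,
            "behaviours": sorted(behaviours)}

def make_sample(api_names) -> bytes:
    """Build a constructed, non-functional PE-like blob that only carries name strings."""
    buf = bytearray(0x100)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf) + b"\x00".join(api_names) + b"\x00"

if __name__ == "__main__":
    print(rate_executable(make_sample([b"GetAsyncKeyState", b"WSAStartup", b"RegSetValueExA"])))
    print(rate_executable(make_sample([b"ExitProcess"])))
    print(rate_executable(b"plain text attachment"))
```

A name search like this misses packed or obfuscated files, which is why the white paper's approach analyses the disassembled code rather than strings alone.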