Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » UK under Trojan attacks

UK under Trojan attacks

by Nikola Strahija on June 18th, 2005 Hackers are targeting British computers with a series of specially crafted Trojan horse attacks. The attacks are delivered either through email attachments or through links to maliciously-constructed websites, the UK's National Infrastructure Security Co-ordination Centre (NISCC) warned.


Approximately 300 UK government departments and businesses critical to the country's infrastructure have been the subject of Trojan horse attacks, many reportedly originating in the Far East. -The attackers' aim appears to be covert gathering or transmitting of commercially or economically valuable information, NISCC warns.

The attacks seek to compromise computers so that remote hackers can steal privileged information and potentially launch further attacks. Infected email use social engineering tricks, for example posing as information relevant to a target's job. -Once installed on a user's machine, Trojans may be used to obtain passwords, scan networks, send information out and launch further attacks, according to NISCC.

-Anti-virus software and firewalls do not give complete protection. Trojans may communicate with the attackers using common ports (eg HTTP, DNS, SSL) and can be modified to avoid anti-virus detection.
Paul King, principal security consultant at Cisco Systems UK, said the attacks demonstrated how conventional anti-virus scanning software was ineffective at stopping new and unknown attacks. -The role of anti-virus has become to throw away known bad stuff. Other technologies, such as host-based intrusion prevention, are needed to defend against previously unseen attacks.

NISCC said the attacks had being going on for some time but have recently become more sophisticated. Mark Sunner, CTO of UK-based email security firm MessageLabs, said it had recorded instances of the attacks for more than a year. -These are targeted attacks, very low in number and often featuring hand-crafted exploits. These are not mass mailers. We only see between 10 and 100 infected emails per attack and around two attacks per week.

-There's no rhyme or reason to the industry sectors targeted, certainly they aren't particularly focused on financial institutions. Although similar methods are been used, NISSC said the attacks are not for industrial espionage NISCC has documented the attack and put together a set of recommendations on defence strategies in a nine-page document. An appendix details the designation given by anti-virus firms for Trojans used in the attack. All listed Trojans at the time of writing are Windows specific.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »