Hostile Trojan Missiles Create Threat
Attention Information Technology editor - for immediate release
A news alert from Content Technologies’ Threat Lab
WELLINGTON, Dec 6: Classic anti-virus solutions are not effective against present and emerging script attacks, such as LOVEBUG and KAKworm, currently the most prevalent viruses in the world.
Trojans such as Qaz, which breached Microsoft’s network in the United States and was the fifth most prevalent virus in September 2000, are dangerous, but of more concern is the rise in prominence over the last couple of months of script-based hostile code.
In a recent survey by the International Computer Security Association (ICSA), 41 per cent of the respondents said LOVEBUG had inflicted a “disaster” in their networks, shutting down servers and costing companies on average $NZ 285,000 based on lost productivity and related issues.
The Threat Lab team from Content Technologies, the leading developer of e-mail and Internet content security and policy management solutions, has analysed the shape of present and emerging script attacks.
“Our research shows that the continued effectiveness of classic signature-based scanning anti-virus techniques will be greatly challenged by recent developments, both in the availability of tools for the unskilled 'script-kiddies' and in the use of encryption,” says Alyn Hockey, Director of Research for Content Technologies.
“A good way to illustrate this is the development of Godmessage.html. Having studied the progress of KAKworm and BubbleBoy, we envisage that if the development of GodMessage.html continues at its current pace, it will soon be able to replicate and morph in such a way as to present the AV industry with some interesting challenges.”
Currently Godmessage can be compared to a directed missile, which can be used to target a victim by e-mail for some nefarious purpose. Traditional AV solutions are able after a time to develop a viral pattern to protect the user.
“However, if Godmessage takes on worm capability - which we expect it to do – these individual attacks will multiply into a missile attack of differing payloads,” Mr Hockey said.
“Classic signature-based scanning anti-virus solutions will not be able to cope with the variants and the speed with which they appear. Potentially this leaves thousands of organisations and end-users exposed.”
If you would like to know more, Content Technologies’ Threat Lab team have developed the following news bulletins on script-based hostile code, including:
HTML Signature Attacks, including an overview of KAKworm
Trojan within Trojan Attacks, including an overview of GodMessage
Protection from Script Attacks, including a free script checking tool from Content Technologies
About Content Technologies’ ThreatLab:
The main activities of the Content Technologies’ Threat Lab are to monitor current and incipient security issues, investigate novel threats and develop proactive strategies and defence mechanisms.
This was demonstrated with ThreatLab’s approach to LOVEBUG and its variants. The team developed a generic solution, rather than building countless patterns to protect customers.
Content Technologies’ customers have been protected from LOVEBUG and its variants since May 5 with a single generic fix: an intelligent keyword search profile that detects whether an attachment contains suspicious VBScript commands. The suspect message can be quarantined or deleted at the gateway, depending on the organisation’s content security policy.
MIMEsweeper can even check the object regardless of how many file extensions it is buried under and irrespective of the message or filename.
To keep abreast of the latest threats and how to use MIMEsweeper to stop them, subscribe to the Threat Lab newsletter at www.mimesweeper.com