Local security firms have confirmed the presence of an online Trojan construction kit designed solely to update variants of itself and grab sensitive passwords and user details from infected users.
The Trojan, dubbed the PRG Trojan by SecureWorks (US) as well as Internet Security Systems (ISS) Australia, is a variant of another Trojan, dubbed wnspoem by SecureWorks, which was discovered in October 2006.
The Trojan is designed to search data in the Windows internal memory buffer before that data is encrypted and sent to secure Web sites.
Don Jackson, a security researcher at SecureWorks in the US, said variants of the PRG Trojan have already stolen sensitive information from around 10,000 US citizens and sent the information to rogue servers in China, Russia and the US.
According to Jackson, the Trojan can be recompiled in countless different ways to evade signature-based detection.
Adam Biviano, Trend Micro Australia premium services manager, said the Trojan is a rehash of the script kiddie approach to authoring and sharing malware code, and he believes this kind of virus development is the future of viruses.
"This Trojan (PRG) is a very good example of a man-in-the-middle attack as it is designed to intercept requests to encrypted web sites, and SSL encryption offers no protection for the machine, as in SSL transactions the encryption occurs between the machines transporting data but not the end node," Biviano said.
"Wnspoem and the PRG Trojan were all based on this construction kit which enables people to define the properties of the Trojan, how it infects and even what it does."
"It is really taking the tricks learnt in the past and applying them to modern day motives."
According to ISS, the construction kit is readily available online and is designed for rapid deployment of new Trojan variants using a variety of different packaging schemas.
"The PRG Trojan itself seems to have the ability to sort through files, sniff data out of HTTP/HTTPS headers (logins, etc) as opposed to actually keylogging, so it can detect 'virtual keyboard' inputs, pasted text etc," an ISS spokesperson said.
"Some of the newer variants do appear to listen in on port 6081, but as an additional vector for commands after initial infection. The newer versions can also upload the data via chains of proxies in order to hide the traffic.
"The Trojan can update itself, and the updates can change the data upload sites to further avoid efforts to thwart the data theft (for instance, blocking known sites at the network firewall, etc)."
Declan Ingram, senior security consultant with Australian-based information security and advisory company security-assessment.com, said the hallmark of both the construction kit and subsequent variants is the dedication and organization of the developers.
Ingram said the developers of the Trojan are "so on top of" efforts to beat signature-based antivirus and security tools.
"The interesting thing about the PRG Trojan is its ability to change so rapidly," Ingram said.
"Due to the dedication and organization of the developers, technical or specific tools to stop it are thwarted in a very short period of time, as the code always seems to untie them.
"It has actually been releasing new versions of itself as soon as the current ones are detected by AV companies as there is always a certain amount of time for AV companies to release a patch and end users to put the patch in place — at best 24 hours which is more than enough time for a small change or to have the software do it automatically."
Ingram suggested an organization can block port 6081 activity by using strict firewall rules as well as ingress and egress filtering.
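To check whether such filtering is actually in place, a defender can review firewall logs for TCP port 6081 traffic in either direction. The following is an added example, not part of the original article: the log format, the 10.0.0.0/8 internal range and the sample records are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

PRG_PORT = 6081  # port the article says newer PRG variants listen on
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed sample records in a hypothetical firewall log format.
SAMPLE_LOG = """\
2007-06-26T10:01:02 src=203.0.113.7:51515 dst=10.0.0.23:6081 proto=tcp action=allow
2007-06-26T10:01:09 src=10.0.0.41:49200 dst=198.51.100.9:443 proto=tcp action=allow
2007-06-26T10:02:30 src=10.0.0.23:49877 dst=198.51.100.77:6081 proto=tcp action=deny
2007-06-26T10:03:11 src=10.0.0.58:6081 dst=203.0.113.7:40112 proto=tcp action=allow
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<sip>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def find_port_activity(log_text, port=PRG_PORT):
    """Return {internal_host: [(timestamp, direction, peer, action), ...]}."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "tcp":
            continue  # skip unparseable or non-TCP records
        if int(m["sport"]) != port and int(m["dport"]) != port:
            continue  # neither endpoint uses the watched port
        src_in, dst_in = is_internal(m["sip"]), is_internal(m["dip"])
        if dst_in and not src_in:
            host, peer, direction = m["dip"], m["sip"], "ingress"
        elif src_in and not dst_in:
            host, peer, direction = m["sip"], m["dip"], "egress"
        else:
            continue  # internal-to-internal or external-only: out of scope here
        findings[host].append((m["ts"], direction, peer, m["action"]))
    return dict(findings)

def filtering_gaps(findings):
    """Hosts whose watched-port traffic was allowed, i.e. a missing block rule."""
    return sorted(h for h, ev in findings.items() if any(e[3] == "allow" for e in ev))
```

Hosts returned by `filtering_gaps` had port 6081 traffic pass the firewall, which points to both a rule to tighten and a machine to examine.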








