Hackers at the Gate - a Look at 21st Century Trojan Horses
by Charles "C.R." Robinson, Partner/Master Technician
Rodeo City Technology Group
An old problem is getting new press since the arrest of a college
student who the Securities and Exchange Commission alleges took
control of someone else's computer, accessed that person's
brokerage account, and caused an investment loss of $40,000.
Remote control programs, such as the one used by this student, are easily
available on the Internet. Most are used for legitimate purposes, such as
remote administration, technical support, or monitoring employees' use of
company computers. When used maliciously they are commonly referred to as
"Trojans" or "Backdoors."
While such programs have been around for years, the threat is increasing for
a few reasons. With more and more people getting online the pool of possible
victims has increased. As more people place orders, access banking accounts,
and trade stocks online the chance of gaining valuable information through
such an attack has also increased. The increase in always-on, high-speed
Internet connections, such as cable and DSL, has also made life easier on
would-be hackers.
Perhaps the most troubling reason for the renewed alarm is the evolution of
this kind of software. Like other programs, new versions of these
applications increase their power and ease-of-use. This means that the
modern "hacker" has to have far less computer savvy than his predecessors.
Because of extensive documentation and advanced graphical interfaces, most
students who have completed a junior high computer literacy class possess
the prowess to operate such a program.
A Trojan is broken down into two components: the server, which the victim
must be tricked into running on their computer, and the client, which the
hacker uses to connect to the victim's (or host) computer. Once connected,
there is almost no end to the damage that can be done. The hacker can read,
create or delete files on the host computer or any computer it is connected
to. They can access webcams and even open and close the CD-ROM drive. They
can also use their access to install and run their own programs.
A common use for the latter ability is to install a "keylogger." This is a
program that saves every keystroke the unsuspecting victim makes to a file
on their hard drive. The hacker can then download this file and browse
through it at their leisure to recover such things as passwords, account
numbers, social security numbers, addresses, or any other information that
you might type into any form on an otherwise secure connection.
An up-to-date virus scanner will protect you from most, if not all, of these
programs. However, like the wooden horse from which they take their name,
most bypass your defenses by hiding their true nature. They can be embedded
in harmless files, such as jokes or screen savers, which are then passed
around via e-mail or peer-to-peer file sharing networks such as Kazaa.
In some of the boldest cases Trojans are even sent directly by the hackers
via instant message programs like AIM or ICQ. In these instances the victim
will receive a message from a supposed struggling programming student, who
often claims to be on a tight deadline and needs someone to test a game they
are working on for a class project. Some even go as far as telling their
victims that the program still has some problems and may be detected as a
virus, so they ask that virus scanners be disabled before installing the
game. The helpful victim then gets sent a copy of the game, plus a little
something extra - the Trojan.
Common sense is your best defense. It is best to avoid running any program
sent to you by someone you do not know. It is also wise to avoid e-mail
attachments with an executable extension (such as .exe, .com, .bat, .scr,
.pif, or .vbs) even if it is from someone you know, unless they have told
you in advance they are sending a program. When in doubt, just delete it. If
it was legitimate they can always send it again. If you choose to use file
sharing programs like Grokster, it is best to stick to downloading music and
videos and stay away from program files like those mentioned above.
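
The extension rule above can be applied automatically to incoming mail. The following is an added example, not part of the original article: it parses a message and flags attachments whose real (last) extension is on the article's list. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy

# Extensions the article lists as executable attachment types.
RISKY_EXTENSIONS = {".exe", ".com", ".bat", ".scr", ".pif", ".vbs"}

# Constructed sample message (addresses, names and bodies are made up).
SAMPLE = """\
From: student@example.com
Subject: please test my game
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="funny_joke.txt.SCR"

placeholder
--BOUND
Content-Type: audio/mpeg
Content-Disposition: attachment; filename="song.mp3"

placeholder
--BOUND--
"""


def risky_extension(filename):
    """Return the listed extension a filename really ends in, or None."""
    # Windows ignores trailing dots and spaces, so "game.exe. " still runs;
    # only the last extension counts, so "joke.txt.scr" is a .scr file.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    return ext if ext in RISKY_EXTENSIONS else None


def flag_attachments(raw_message):
    """Return (filename, extension) for each risky attachment found."""
    msg = message_from_string(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        filename = part.get_filename()
        ext = risky_extension(filename) if filename else None
        if ext:
            flagged.append((filename, ext))
    return flagged


if __name__ == "__main__":
    print(flag_attachments(SAMPLE))
```

A filename check like this only covers the disguise of a harmless-looking name; it complements a virus scanner rather than replacing one.
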
If you have noticed strange behavior from your computer, especially after
opening a new program, you may have been infected by a virus or Trojan. Scan
your system immediately with anti-virus software such as Trend Micro's
PC-cillin or Symantec's Norton Anti-Virus. Warning signs might include a
slowdown in your Internet connection, error messages containing
misspellings or typos, or loss of control of your keyboard or mouse.
If you find that you have been infected, your job is not finished even after
that program has been removed. Think of it like having your purse stolen and
take the same steps. You will need to change any passwords you may have
used, such as those for AOL, e-mail, secure websites, eBay, or PayPal, just
as you would have locks re-keyed. If you bank or trade stocks online you
will want to notify these institutions to keep an eye on your accounts. You
may need to contact the credit bureaus and have them put out a fraud
warning, especially if you think your social security number may have been
compromised. You may even consider notifying your customers or family of
this security breach if you store any of their sensitive information on your
computer.
To avoid problems in the first place consult with a qualified professional.
They can review your home or office security and make personalized
recommendations that will keep your computing safe and enjoyable.
*************************************************************
Charles "C.R." Robinson is a Microsoft-certified IT
professional who is a partner in Rodeo City Technology
Group, THE choice for computer/network service in
Mansfield, Texas.
Visit http://www.rodeocitytech.com and sign up for
The Round-Up, our monthly newsletter that keeps
you up-to-date on the latest computing trends, tips
and tricks.
*************************************************************