Trojan 2.0 - Implications of Web 2.0 technology

Security experts have just warned that Blogger, MySpace, and Facebook can easily be used by trojans 2.0 to become stolen data.

Finjan Malware Research Center has just released the Fourth Security Risk Report. Accordingly, traditional anti-malware signature-based measures (virus detection based on a database of known malware software) and blocking control channels via commands (command-and- control) - will become less effective because malicious software writers are taking advantage of Web 2.0 technology.

In computer jargon, trojans are simply malware but disguised as "harmless" to hide in computers. When started, they will install other programs or execute code that functions to capture or destroy the data contained in the system.

Trojan keylogger has the function to record actions on the keyboard of the infected computer user and send the collected data back to the person who distributed it. This is a common form of trojans.

Typically, an attacker can control remote trojan software. Finjan uses the Trojan 2.0 term to refer to the new generation of Trojans because they exploit bugs on Web 2.0 and software.

In his report, Finjan explained that locking down the Trojan's command-control structure is becoming harder and harder, when these commands are executed on open channels.

How a trojan command can easily be converted into an RSS feed and transmitted via a free RSS reader on the Web (such as Google Reader or My Yahoo). 'This is the first step that Trojans usually take to disguise control commands,' the report said.

' By transmitting via a third-party web service, Trojans can avoid being killed by Web security software .'

Since then, the report confirms that any blog that supports RSS can be a "control center". And closing that blog is also ineffective because Trojans can be targeted to target another RSS feed.

Stealing data can also be easily accessed when stored on Web 2.0 addresses such as Blogger, MySpace, and Facebook.

For security companies that are competing with each other, this is a big problem. Because this model uses Web addresses and real domain names to route the botnet, its communications are no different from normal Web traffic that existing security software cannot detect in most case, 'Finjan's report said.

Finjan concluded that real-time data investigation is essential to countering the risk of trojan 2.0. There have been many security experts speaking up about this issue.

Signature-based security methods will not be able to protect the Internet from trojans in an era when Trojan itself has its own signature. And both the port blocking will not help when the data is transmitted through the open ports.

Hoang Nguyen