Trojan 2.0 - Implications of Web 2.0 technology
Security experts have just warned that Blogger, MySpace, and Facebook can easily be used by Trojan 2.0 malware to store stolen data.
The Finjan Malware Research Center has just released the Fourth Security Risk Report. According to the report, traditional anti-malware measures, namely signature-based detection (identifying viruses against a database of known malware) and blocking command-and-control channels, will become less effective because malware authors are taking advantage of Web 2.0 technology.
In computing jargon, a trojan is simply malware disguised as "harmless" software so that it can hide on a computer. Once launched, it installs other programs or executes code designed to capture or destroy the data held on the system.
A keylogger trojan records the keystrokes of the infected computer's user and sends the collected data back to whoever distributed it. This is a common form of trojan.
Typically, an attacker can control trojan software remotely. Finjan uses the term Trojan 2.0 for the new generation of trojans because they exploit bugs in Web 2.0 and in software.
In its report, Finjan explained that blocking a trojan's command-and-control structure is becoming harder and harder when the commands are carried over open channels.
The report describes how a trojan command can easily be converted into an RSS feed and delivered through a free Web-based RSS reader (such as Google Reader or My Yahoo). 'This is the first step that Trojans usually take to disguise control commands,' the report said.
'By transmitting via a third-party web service, Trojans can avoid being killed by Web security software.'
From this, the report asserts that any blog that supports RSS can serve as a "control center". Shutting down that blog is also ineffective, because the trojans can be redirected to another RSS feed.
Stolen data can also be retrieved easily when it is stored on Web 2.0 sites such as Blogger, MySpace, and Facebook.
For competing security companies, this is a big problem. Because this model uses Web addresses and real domain names to route the botnet, its communications are no different from normal Web traffic, and existing security software cannot detect them in most cases, Finjan's report said.
Finjan concluded that real-time data inspection is essential to countering the Trojan 2.0 risk. Many security experts have spoken up about this issue.
Signature-based security methods will not be able to protect the Internet from trojans in an era when each trojan has its own signature. Nor will port blocking help when the data is transmitted through open ports.
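As an added illustration of inspecting feed content rather than ports or signatures (this is not code from Finjan's report), the sketch below flags RSS items whose body contains a long, high-entropy encoded run. The function names, the 40-character and 4.5-bit thresholds, the sample feed, and the premise that hidden commands appear as encoded blobs are all assumptions made for the example.

```python
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample feed: one ordinary post and one whose body is an opaque blob.
SAMPLE_FEED = """<rss version="2.0"><channel><title>constructed example feed</title>
<item><title>Weekend notes</title>
<description>We walked along the river and then had lunch in the old town.</description></item>
<item><title>update</title>
<description>Q09ORklHOmludGVydmFsPTM2MDA7bW9kZT1xdWlldDt0YWc9ZXhhbXBsZQ==</description></item>
</channel></rss>"""

# Assumption: hidden instructions show up as a long unbroken base64-alphabet run.
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=]{40,}")


def shannon_entropy(text):
    """Shannon entropy of the string, in bits per character."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def suspicious_items(feed_xml, min_entropy=4.5):
    """Return titles of feed items whose body holds a long, high-entropy run."""
    flagged = []
    # ElementTree keeps this stdlib-only; use a hardened parser for untrusted feeds.
    for item in ET.fromstring(feed_xml).iter("item"):
        body = item.findtext("description") or ""
        if any(shannon_entropy(run) >= min_entropy for run in ENCODED_RUN.findall(body)):
            flagged.append(item.findtext("title") or "(untitled)")
    return flagged


if __name__ == "__main__":
    print(suspicious_items(SAMPLE_FEED))
```

A heuristic like this produces leads for review, not verdicts: legitimate feeds also carry encoded data, so the thresholds need tuning against local traffic.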
Hoang Nguyen