Targeted Trojan Attacks Gaining Momentum
Moving into the Age of the Targeted Trojan Horse
Sharon Gaudin
While the amount of malware that hit the Internet increased in March, the number of mass-mailing worms seems to be on a downward slide, according to anti-virus experts.
The era of the mass-mailing worm being the dominant malware in the Wild may be coming to a close. Now we're looking at the age of the targeted Trojan horse — more sophisticated, more stealthy and maybe even more dangerous.
"What we're seeing a lot of is Trojan backdoor programs," says Steve Sundermeier, a vice president at Central Command, an anti-virus and anti-spam company based in Medina, Ohio.
"They're accounting for a vast majority of new signatures ... We're going away from the years when the Internet worm was really popular. Don't get me wrong. The Internet worm will still exist but Trojans are coming on strong."
And these targeted Trojan attacks helped increase the amount of new malware that IT administrators and anti-virus vendors had to fend off last month. While January and February saw a decrease in the number of new worms, viruses and Trojans hitting the Wild, March numbers were climbing back up.
The new wave of Trojan attacks is aimed at specific targets, according to both Sundermeier and Graham Cluley, senior technology consultant for Sophos, an anti-virus and anti-spam company based in Lynnfield, Mass. Where the big-hitting worms are sent out by the millions, flooding the Internet around the world, these Trojans are not self-replicating and are sent to a few hundred email addresses.
These low-key attacks keep the malware writers under the radar and out of the government's sights, says Sundermeier.
"If you're writing a mass-mailing worm that shuts down the Internet, that's going to get a lot of attention," he adds. "The Sasser author and the Netsky author got busted, and that's sending out a message. These [Trojan] attacks are growing in popularity because if you send out 100 around the world, the FBI will have an impossible time investigating it."
Cluley tells eSecurityPlanet that the Trojan attacks largely are targeting banking customers, and they're going after large financial payoffs.
"The Trojans are financially motivated," he adds. "And they're often set up to turn off your security so they can pick up your financial information and turn your computer into a zombie — part of a botnet — that can be used to launch spam or further virus attacks."
Sundermeier also notes that wayward teens and amateurs are not at the helm of this malware trend. This is being spearheaded by organized crime, which has the financial backing to launch more sophisticated and complex attacks.
"The stakes have been raised," he says. "It's criminal."
Central Command's analysts recorded 3,320 new virus signatures in March. That's nearly a 32 percent increase over February, which showed 2,629 new signatures. And February was slightly down from January, which recorded 2,934.
And Cluley notes that one in 108 emails last month carried malware.
As usual, Central Command and Sophos have two different lists when it comes to the Top Five most prolific malware on the Internet. For March, Central Command lists: Worm-P2P-VB-CIL (the Kama Sutra worm), which accounted for 29.67 percent of all malware in the Wild; Netsky-Q with 10.09 percent; Netsky-P with 1.88 percent; Netsky-R with 1.16 percent, and Netsky-Z with 1.07 percent.
Sophos lists its own Top Five as: Zafi-B with 17.3 percent; Netsky-P with 15.3 percent; Nyxem-D (the Kama Sutra worm) with 7.9 percent; MyDoom-AJ with 4.1 percent, and Mytob-EX with 3.6 percent.