This week's line-up of lower-prevalence threats includes the expected run of Trojan horses and worms, mostly aiming to infiltrate vulnerable computers and take over the controls, says Brett Myroff, CEO of Sophos distributor Netxactics.
While many companies have security and usage policies in place, Sophos has been drawing attention to additional risks associated with remote access to the corporate network.
"Remote connections present a major security risk, as they not only allow easy transfer of data or files, but also provide a backdoor for hackers to gain access to company resources," says Myroff. "IT departments cannot always verify whether it is an employee who has connected to the network or if a hacker has taken over the machine."
This is as much a liability as a backdoor Trojan doing as it pleases when executed on a user's PC, Myroff adds.
Spotted this week, Troj/IRCBot-XZ, a Trojan for the Windows platform, provides a backdoor server that allows a remote intruder to gain access and control over the computer via IRC channels.
When first run, Troj/IRCBot-XZ copies itself to <System>\wrfkuk.exe.
Woeful worm
W32/Mofei-X, a worm for the Windows platform, has also surfaced. It can inject itself into other processes in an attempt to hide itself.
"The worm provides backdoor access and control over the computer by creating a port, or backdoor, and then listening for instructions being sent from a remote client," Myroff explains.
The remote intruder will be able to carry out a variety of actions, including getting a Windows command shell, getting a content listing for selected folders, deleting files and folders, executing files and downloading files from the internet.
Terrible Trojans
Also of note this week are the Troj/Tibs-TI Trojan, which affects Windows users, and the Troj/Mulex-B Trojan. The latter downloads code from the Internet and exploits system or software vulnerabilities.
"Troj/Mulex-B is a downloader Trojan for the Windows platform and attempts to exploit a number of vulnerabilities in applications, including Internet Explorer and Firefox, in order to download and execute a file from a remote Web site," says Myroff. This file is currently unavailable for download.
Troj/Lydra-AC and Troj/IRCBot-XZ have also made an appearance. The latter allows others to access the user's computer and installs itself in the registry.