May 30th, 2005, 07:45 PM
Another reason not to rely just on A-V software
If the information at Sans is accurate Trojans for industrial espionage this is another example that anti-virus software is not enough.
If you read through the article linked in the Sans Handlers Diary Trojan horse also hit major int'l firms you’ll notice the investigation began in November 2004. The possible Symantic definition was posted first April 26, 2005. The Trojan was in use at least that long, maybe longer.
... would send the virus hidden inside a promotional CD to various companies, which unknowingly uploaded the Trojan horse onto their computer system. The private investigators would also send emails to the various companies with the virus as an attachment, police said.
Also, this might be a nice story to print for your next budget request?
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
May 30th, 2005, 10:42 PM
looks like the only reason it was discovered was because one person was suspicious that there may have been a trojan...
I wonder how much longer it would have been in the wild if that novelist hadn't become suspicious?
geez I hate the writers that put spaces in their file names ... svchost.exe and ..svchost.exe or even svchost .exe especially the buggers with the leading spaces..
nice find IknowNot thanks
As a footnote: How many time have we submitted a suspect file, to not see it recognised by any product for better than 6 months.. the oldest in my virus Zoo is 8 months... there are a couple that are not recognised by one or more products for better than a year, symantec and NAI being the worst
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
May 31st, 2005, 02:28 PM
Very interesting article! I found the lawyers coments kinda amusing..:
""The software is totally legal," said Ofir Katz Neriah, the lawyer for one of the suspects. "The question is if the use that my client made of the software was illegal - and the answer is definitely not.""
Hmmmmmm so that there Trojan aint all that bad, it's the LEGAL kind huh? 8D
Great article, really good find IKnowNot
~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!
June 1st, 2005, 04:42 PM
The point about the software being legal seems fairly moot as I suspect MrCoffee was pointing out. I think it'd be relatively hard to write illegal software. The only thing that I can think of that comes close but is still not the same is software that is illegal to export. Sounds like the lawyer was "bullsh***ing" in order to make his client look better, but without actually saying anything interesting. Guess that's lawyer's for you.
Did anyone notice the point that one of the companies made about getting the private investigator to sign a contract stating that they would not break the law? I apologise for being paranoid, but does that not seem fairly naive? It also seems like at least one of the companies being spied upon did not have particularly good IT support (or however you want to put it), because they released a statement saying that trojans were space age tools that you'd see in James Bond or star wars. Sounds like no-one bothered explaining what a trojan was to them.