Welcome | Sign In
ECommerceTimes.com
Security

Secret Trojan Network Could Produce Superworm

Print Version
E-Mail Article
Reprints
Secret Trojan Network Could Produce Superworm

By John P. Mello Jr.
TechNewsWorld
Part of the ECT News Network
01/15/04 7:28 AM PT

"The reason why Sinit is quite concerning is that it opens up a port on a machine, much like opening a window in your house," Sharon Ruckman, senior director for security response at Symantec, told TechNewsWorld.


Reading the Avaya-Nortel Roadmap requires a navigator
The release of the Avaya-Nortel roadmap has many people wondering what lies ahead for their customer contact initiatives. Join Ovum’s Ian Jacobs and Aspect CTO Gary Barnett to discuss how the integration of two product lines may affect you. Register for the webinar.

An established, clandestine network of compromised computers could become the launching pad for a superworm that would have a massive impact on the Internet.

The malware network was created by an unpublicized Trojan -- a malicious program that poses as a benign one -- called Sinit, which has already infected hundreds of thousands of computers, according to a report released Monday by Clearswift, a UK-based maker of software for managing and securing communications.

Sinit has created an underground peer-to-peer network that's removed the single point of failure that is often targeted by law enforcers to terminate viruses, the company explained in a statement. With Sinit, there is no central server that can be shut down. Each infected host becomes part of a peer-to-peer network through which additional Trojans can spread.

Great Deal of Malice

"It's spooky in the sense that it seems to have the potential for a great deal of malice," Greg Hampton, Clearswift vice president for U.S. marketing, told TechNewsWorld. "How it will be used is still unclear, so we don't want to raise any false alarms."

"The reason why Sinit is quite concerning is that it opens up a port on a machine, much like opening a window in your house," Sharon Ruckman, senior director for security response at Symantec (Nasdaq: SYMC), told TechNewsWorld. Through that open window, she explained, a hacker can filch a computer's network information, perform remote tasks on the computer, capture keystrokes and download more malware onto the machine. "It opens up a machine to anyone to come in and do whatever they want," she said.

According to the Clearswift report, the network has been used to hijack modems and run up the phone bills of unwary victims. But Clearswift said that, curiously, "the potential for much broader abuse remains as yet untapped."

Superworm in the Works

That broader abuse includes the spread of a superworm that could move rapidly and exponentially through the Internet, Hampton said. "It could start and stop before anyone had a chance of doing anything," he noted. "Whatever damage it did would be done in a hurry."

The reason it could replicate so quickly is because it wouldn't require human intervention, explained Steven Sundermeier, vice president for products and services at Central Command, an antivirus software maker in Medina, Ohio. The superworm -- should one be released -- would use a network of compromised machines to replicate itself from machine to machine, as we would see with a magnified version of the Slammer worm.

"The danger of these fileless infectors is the fact that they can replicate so fast," he told TechNewsWorld.

Buzzword Bingo

Although superworms have the potential to carry out massive mischief, not everyone believes that potential will be exploited by virus writers. "It's a buzzword that people like to throw out there," Joe Stewart, a senior security researcher at LURHQ, a managed-security provider headquartered in Myrtle Beach, South Carolina, told TechNewsWorld. "Whether we'll see one, I'm not sure.

"What we're seeing more now than people writing things just to be malicious or writing things to prove a concept is writing malware to make a profit," Stewart continued. "If there's profit in writing a superworm, someone will do it pretty soon."

Stewart cited several money-grabbing schemes used by malware scribblers: spammers using infected machines to distribute their messages and avoid being shut down; spammers using infected machines to host their own Web sites; modem and browser hijacking; and denial-of-service attacks to impair the operations of competitors or extort money from individuals.

Growth Business

Writing malware for financial gain will be a growth business in 2004, according to Central Command's Sundermeier. "We're anticipating an increase in the creation of Internet worms -- maybe in collaboration with spammers or hackers -- in order to have some sort of financial gain," he said.

"In the past, viruses were written for the virus writer's own notoriety," he continued. "Now we're seeing kind of a scary trend toward writing virus code and replication in order to ruin the livelihood of Internet users."

Print Version E-Mail Article Reprints More by John P. Mello Jr.

Talkback: Be the first to comment on this story.

More by John P. Mello Jr.

FileMaker Pro Goes to 11
March 15, 2010
FileMaker has pushed out the 11th version of its Pro database product, and its new charting capabilities top the list of new features. Pie, bar and area charts can be created instantly and will change dynamically as the data underlying them changes. In addition, FileMaker 11 includes more than 30 "Start Solutions" that address the kind of real-world information needs for which business people buy a database. 		Corel's X3 Photo Editor Paints a Pretty Picture
March 11, 2010
Corel has packed its latest version of PaintShop Photo Pro, X3, with a boatload of new features, many of which are aimed at smoothing out the photographer's workflow. It's tied in a new batch processing feature as well as Express Lab, which gives photo editors the power of combined tools. There's also better support for RAW files and a bonus Painter Photo Essentials 4 app for adding an artistic flourish. 		Aperture's Makeover Delights Photogs
March 08, 2010
While Aperture's new features make it more attractive than ever to professional photographers, its main selling point appears to be its superior ability to automate a photographer's workflow. "For me, the most important thing about Aperture -- always has been and remains -- is that it is simply the most powerful archiving tool available," said photographer Bill Frakes.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> Online Retail Transaction Performance Indices
> Inside E-Commerce Times
E-Commerce Times
TechNewsWorld
CRM Buyer
E-Business White Papers and Reports
Tealeaf
Take the "Risk" Out of Site Redesign
Creating an Integrated View of Your Online Customer Behavior
Customer Experience Management: Engaging Loyal Customers to Evangelize Your Brand
LinuxInsider
MacNewsWorld
Today's E-Commerce Times Sponsors
Secure Your Datacenter
Mitigate risk and maximize the benefits of virtualization. Get the free eBook today.
How will the Avaya Roadmap affect you?
Webinar: Ovum’s Ian Jacobs and Aspect CTO Gary Barnett on implications for the contact center.
White Paper
Learn How to Drive Revenue and Maximize ROI Communicating Your Message at the Cinema.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2010 ECT News Network, Inc. All Rights Reserved.