15 May 2007 08:12 GMT
Malware for the masses
Malware writers have traditionally been stereotyped as low-level hackers, and 15 years ago, this was probably true. Without complex, hard-earned knowledge of the host operating system's internals and a good understanding of computer programming, it was almost impossible to create effective new malware. With the introduction of Virus Toolkits in the 1990s, this changed somewhat. Normal everyday users could now generate malicious files with little or no effort on their part.
Today, Virus Toolkits are still available but easily defended against. What's interesting is the sheer breadth of functionality that some of the new toolkits, like Troj/Havar-A, exhibit.
For example: if I somehow got infected with Troj/Havar-A, a remote user could have complete control over my entire computer. The remote user could delete, rename, download, upload and execute files, watch what I was doing, see what I was typing and hear what I was listening to. Troj/Havar-A even has the ability to upload and play sounds on the infected system.
None of this is particularly new or brilliant, though Troj/Havar-A can create new, unique, configurable backdoor Trojans at the click of a button. It even has a skinnable interface with 6 skins available. It seems that some malware authors are looking to push their malicious software to a broader audience than ever before by making malware not only easy to create and use but visually appealing as well.
Fortunately, we block Troj/Havar-A and hundreds like it, though if you have your Sophos Client Firewall configured correctly, backdoor Trojans like this are rendered useless.
Chris Mitchell, SophosLabs Australia.
