PSC Newsletter Late Winter 2003
Tue, 04 Mar 2003
Avoid Remote Access Trojans

While email is certainly a vector for "trojans," unfortunately the antivirus companies have been very much involved in muddying the waters that separate viruses, worms, trojans, malware, pests, et al. in order to convince people that a one-size-fits-all solution covers everything. After all, if antiviruses truly covered all, there would be no need for a firewall, since every potential nasty would be detected and defeated by means of a simple file scan.

Software-based firewalls exist because of a continuing gaping hole known as "Windows file and printer sharing," which left ports 137 and 139 open. Later versions of Windows added further "open ports" such as 5000 (Universal Plug and Play, often FALSELY detected as "you have the SOCKETS DE TROIE trojan on your machine"), whereas REAL trojans can be configured to operate on ANY port (nullifying the value of "this port's open, so you have the XBLAH trojan" alerts). Thus port detection, file scanning, and software firewalls in general have become useless in modern times.

Fixed methodologies are predictable. "Ports" detection CAN be bypassed. New methods of file encryption, packing, polymorphism and even memory diddling are the tools of choice among "ne'er-do-wells" these days to elude "file scanners" and as I indicated in a previous message, there are SO many different methods of bypassing firewalls by use of raw sockets or libraries which offer DIRECT access to the communications HARDWARE, connecting BELOW the firewall to "get out."

There's also the ability to EMBED dynamic link library portions directly into ACCESS PERMITTED programs such as Internet Explorer and others, either by using a "browser helper object (BHO)" or by INJECTING trojan code directly into ANOTHER program which has "internet access" through a firewall (you're online - you're SURFING - "Internet Explorer" wants to access the internet. DO YOU SAY NO?). Hmmm. This is how the kiddies get over. YOU APPROVED of it!
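One defensive answer to the BHO problem is simply to enumerate what Internet Explorer has been told to load. The following Python script is an added example, not code from this newsletter or from Privacy Software Corporation: it reads a registry export in the format `regedit /e` produces, lists every CLSID registered under the Browser Helper Objects key, and resolves each one to the DLL named in its InProcServer32 default value. The two registry paths are the real ones; the sample export text, its CLSIDs and DLL paths, and the "trusted directory" triage rule are constructed assumptions for the demonstration.

```python
import re

# Real registry locations: BHOs are listed by CLSID under this key, and each
# CLSID's InProcServer32 default value names the DLL that gets loaded into
# Internet Explorer (and therefore inherits its firewall permissions).
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Triage heuristic (an assumption, not a guarantee): a helper DLL sitting in a
# temp or user-writable directory deserves a closer look; one under Program
# Files still has to be traced back to a vendor you actually trust.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")

# Constructed sample in the layout of a "regedit /e" export. The CLSIDs and
# paths are invented for the demo. A real export file is UTF-16 text, so read
# it with open(path, encoding="utf-16").
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-0000-0000-0000-000000000001}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBBBBBB-0000-0000-0000-000000000002}]

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InProcServer32]
@="C:\\Program Files\\Example Vendor\\helper.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BBBBBBBB-0000-0000-0000-000000000002}\InProcServer32]
@="C:\\WINDOWS\\Temp\\svchost32.dll"
"ThreadingModel"="Apartment"
"""


def parse_reg_export(text):
    """Return (ordered list of keys, {lowercased key: default value}) from .reg text."""
    keys, defaults, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.append(current)
        elif current is not None and line.startswith('@="') and line.endswith('"'):
            # .reg files double every backslash inside string values
            defaults[current.lower()] = line[3:-1].replace("\\\\", "\\")
    return keys, defaults


def classify(dll_path):
    """Crude verdict for one helper DLL path (see TRUSTED_DIRS assumption)."""
    if not dll_path:
        return "NO SERVER DLL (stale or hidden registration)"
    return "ok" if dll_path.lower().startswith(TRUSTED_DIRS) else "REVIEW"


def audit_bhos(reg_text):
    """List (CLSID, DLL path, verdict) for every BHO registered in the export."""
    keys, defaults = parse_reg_export(reg_text)
    prefix = BHO_KEY.lower() + "\\"
    findings = []
    for key in keys:
        if not key.lower().startswith(prefix):
            continue
        match = CLSID_RE.search(key[len(prefix):])
        if not match:
            continue
        clsid = match.group(0)
        # Registry key names are case-insensitive, so compare lowercased
        server_key = f"hkey_classes_root\\clsid\\{clsid.lower()}\\inprocserver32"
        dll = defaults.get(server_key, "")
        findings.append((clsid, dll, classify(dll)))
    return findings


if __name__ == "__main__":
    for clsid, dll, verdict in audit_bhos(SAMPLE_REG_EXPORT):
        print(f"{verdict:8s} {clsid} -> {dll or '(none)'}")
```

The point of resolving the CLSID rather than stopping at the BHO list is that the BHO key only holds GUIDs; the DLL path, and therefore the author you need to check out, lives under HKEY_CLASSES_ROOT\CLSID. Anything the script marks REVIEW should be identified by vendor before it is allowed to keep riding along inside a browser the firewall already trusts.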

SO ... where do trojans actually come from to get on your machine? Many believe that they arrive as email attachments, so a spam filter or popup stopper will take care of it, right? WRONG.

Where do most trojans land on your machine from? Here's REALITY based on analysis of where OUR customers get them from, in order of frequency.
1. PORN sites (run by script kiddies and hackers. Ever wonder WHY you got that "free passport?" )
2. USENET newsgroups - often by enticement of free porn downloaders, hacked accounts, and MOST often - "pirated WAREZ, MUSIC or CRACKZ!" Yep - that free version of fully-registered, ready to go software. Second only to porn for getting people to install a hidden nasty and be lifted of their credit card information among OTHER sensitive data on their computers.
3. KAZAA, "NAPSTERS" or similar "I don't want to pay for software or music" so I'll look for it for free type servers run by the clueless, just FULL of trojans masquerading as "free software" ... download it, and you are "owned," even if the download somehow has a "problem" and doesn't run. ESPECIALLY when that's the case.
4. "Software Publisher Sites" ... as much as I think of sites like Tucows (we respect them GREATLY for what they've done all these years for the software community, but there's just SO much released daily that they clearly can't test EVERY FILE when they publish it) and many OTHERS offering "free software" or "trial versions," you absolutely MUST check out the authors before you download software - so MANY packages these days consist of libraries that make writing freeware and shareware easy, but have "trap doors" built right IN! If it's written in "Delphi" or "Visual Basic" you really need to be on your toes. In particular, software that's been COMPRESSED with UPX, ASPACK, INFLATE or other "file-obscuring" technologies is suspect on its face. While some "freeware" and "shareware" authors insist that the use of file-obscuring software "protects" them from "disassembly," rest assured that there are "unpackers" out there WIDELY used to undo exactly what they claim to use these compaction schemes for. The ZIP, RAR, CAB and other legitimate "packing" methods ensure a small download without this extra step, which is used by most "ne'er-do-wells" to try to avoid file-scanning for nastiness by your trusty antivirus, since there's no OTHER real basis for compacting them beyond concealment. What do they have to hide that the kiddies can't steal anyway? WATCH WHAT YOU DOWNLOAD, and SUSPECT it ... CHECK OUT THE SOURCE BEFORE YOU DOWNLOAD. ARE they "trusted?"
5. Be ESPECIALLY wary of any "hacks or cracks" wherein you are offered "registration keys" or "full versions" of commercial software. Also be wary of multimedia downloads. Be *SURE* that in your browser and folder settings in Windows you've enabled "show ALL files" and have turned off "Hide file extensions for known file types," so that if you go to download a multimedia file called "jailbait.MPG" it isn't REALLY "jailbait.MPG.EXE" that you're downloading ... and if it's a crack, the kiddies LOVE to add a little extra "love gift" to their "patch" ... our own BOClean product was made available a week or so ago on alt.binaries.misc ... it's an OBSOLETE version, but the extra "kick" was that it contained a variant of the Chernobyl (CIH) virus that went undetected by every antivirus program out there. Needless to say, WE were amused at email blaming *US* for what happened to them.
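Items 4 and 5 both come down to learning a file's TRUE identity before it runs. The following Python checker is an added example, not part of this newsletter and not BOClean code: it shows what Explorer would display for a name versus the real last extension, sniffs the content by its leading bytes, and, for a Windows executable, walks the PE section table and flags the section names that UPX and ASPack leave behind (UPX0/UPX1, .aspack/.adata). The sample file contents are constructed by a helper that fabricates a minimal PE header; the magic-byte table and the "hides any final extension" approximation of Explorer's setting are assumptions made for the demo.

```python
import struct

# Extensions Windows will execute when double-clicked (assumed list).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "dll"}

# Section names left behind by common packers (UPX and ASPack).
PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata"}

# Leading bytes used to sniff content regardless of file name (assumed table).
MAGIC = [
    (b"MZ", "DOS/Windows executable"),
    (b"PK\x03\x04", "ZIP archive"),
    (b"Rar!\x1a\x07", "RAR archive"),
    (b"\x00\x00\x01\xba", "MPEG program stream"),
    (b"\x00\x00\x01\xb3", "MPEG video"),
]


def explorer_display_name(name):
    """Approximate 'Hide file extensions for known file types': only the LAST
    extension is hidden, so jailbait.MPG.EXE is shown as jailbait.MPG."""
    root, dot, _ext = name.rpartition(".")
    return root if dot else name


def pe_section_names(data):
    """Return the section names of a PE image, or None if data is not a PE."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size                        # section table start
    names = []
    for i in range(num_sections):
        off = table + 40 * i                                # 40-byte section headers
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def build_fake_pe(section_names):
    """Construct a minimal, non-runnable PE header with the given sections
    (demo input only; a real download would be read from disk instead)."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)                   # 64-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)                 # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, 0, 0x0102)
    secs = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                    for n in section_names)
    return bytes(hdr) + b"PE\0\0" + coff + secs


def identify(name, data):
    """Compare the name a file advertises with what its bytes actually are."""
    parts = name.lower().split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    content = next((label for magic, label in MAGIC if data.startswith(magic)), "unknown")
    sections = pe_section_names(data) if content == "DOS/Windows executable" else None
    findings = []
    if len(parts) >= 3 and real_ext in EXECUTABLE_EXTS:
        findings.append(f"double extension: shown as '{explorer_display_name(name)}', "
                        f"really .{real_ext}")
    if content == "DOS/Windows executable" and real_ext not in EXECUTABLE_EXTS:
        findings.append(f"content is an executable but name claims .{real_ext}")
    if sections:
        packed = sorted(set(sections) & PACKER_SECTIONS)
        if packed:
            findings.append("packed executable (sections: " + ", ".join(packed) + ")")
    return {"name": name, "displayed_as": explorer_display_name(name),
            "real_extension": real_ext, "content": content,
            "sections": sections, "findings": findings}


if __name__ == "__main__":
    for fname, blob in [("jailbait.MPG.EXE", build_fake_pe(["UPX0", "UPX1", ".rsrc"])),
                        ("movie.mpg", b"\x00\x00\x01\xba" + b"\0" * 16)]:
        report = identify(fname, blob)
        print(fname, "->", report["content"], report["findings"] or "no findings")
```

Two of the checks matter most: the content sniff catches a renamed executable even when the name has a single, innocent-looking extension, and the section-name check gives a quick reason to distrust a "utility" before any antivirus gets a chance to miss what is inside the packed payload.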

Remote Control Trojans, how they function, and how to DEAL with them are described in a very well-written article by Gary Flynn at James Madison University:
http://www.jmu.edu/computing/info-security/engineering/issues/remote.shtml
Additional details can be found in our own library at:
http://www.nsclean.com/library.html

You CAN avoid trojans, but it's getting harder day by day to do so. And the kiddies (AND GOVERNMENTS) who are distributing these things are getting nastier and more elusive day by day. This is what *we* do for a living, trying to keep ahead of them all.

A firewall and an antivirus, though, aren't enough. We make ONE solution; there are others out there as well. An ANTI-TROJAN is now a necessity. AVs and firewalls alone genuinely aren't enough. If you've EVER encountered "cannot disinfect" or "cannot remove virus" ... then you've already SEEN what we're talking about.

Bottom line ... if you LOOK at a download, and it sounds too good to be true, it *IS* ... the days of forever freebies, financed by NASDAQ, and pirates offering you a free copy of something, BEWARE. If you AVOID downloads, and protect yourself by knowing what the TRUE identity of a file really is BEFORE you download it, then maybe you won't need the antitrojan software that we provide. It's a scary world out there, and freebies SHOULD be suspect now that *nobody's* paying for them.
___________________________________________________________________________

You are receiving this email as part of our Opt-In Newsletter program. You have either opted in with us or through Digital River. We value your privacy. If you wish to stop receiving these, please email newsletter@nsclean.com with the subject of OPT-OUT and ONLY the email address(es) to be deleted in the body of the message. If you have received multiple copies of the mailing in error, please email newsletter@nsclean.com with the subject of MULTIPLE and list ONLY the email address(es) to be deleted in the body of the message; we will retain the primary address and send one copy to you in the future. Thank you. ©2003 Privacy Software Corporation. All rights reserved.