"The Trojan activity levels have increased, as well as the types of things the Trojans are trying to do," Sophos senior security analyst Chris Belthoff told NewsFactor. "We're seeing more Trojans passed around that are compromising systems. A lot of these Trojans are being used to take over systems for more nefarious uses than in the past. And a lot are being used more in spam networks, which troubles us, as an antispam vendor."
The number of Trojan-style virus attacks has spiked this fall, according to Boston-based Sophos. On the company's updated list of the most recently detected virus threats, Trojans accounted for only two of the 18 virus threats it found in August. But in November, Trojans made up 21 of the 57 virus threats. And in the first four days of December alone, there were three Trojans deemed to be threats. Major offenders include Graybird, which poses as a Microsoft (Nasdaq: MSFT) security patch, and Sysbug, which arrives in e-mail accounts with promises of pornographic photographs but then collects information, such as user names and passwords.
"From all the indications I've seen, there is a big spike in the use of Trojan horses," Giga director of research Michael Rasmussen told NewsFactor. "There's some Blaster variants that had Trojans built in them; people clicking on e-mails can be easily infected by Trojans; and spyware is a big Trojan-like device that is really getting out of hand."
Spammers and Trojans: Unholy Alliance
What Belthoff found most disturbing were signs of a coalition between spammers and Trojan programmers. Recent Trojans like Regate-A and Dmomize-A infect and essentially hijack computers, using them as bases from which to launch reams and reams of spam.
"We're seeing spam coming from sources that they don't normally don't come from, such as many coming from the IP-address range of broadband- and dialup-machine ranges," he said. "There's no hard proof yet, but the speculation is that machines are being taken over by Trojans for purposes of spam networks. And there's evidence, as well, from cracking open the Trojans, that what they're doing is setting up SMTP servers on infected systems for the primary purposes of setting up spam."
Unwilling Outlaws
Most disturbing for businesses is the fact that a brace of federal- and state-level laws hold companies responsible for the breaches that might occur from viral infections. A bill that President Bush has vowed to sign would hold an organization liable for any spam sent out from its computers -- even in the event it was unintended or the work of a virus. A law already on the books in California since summer 2002 is just as strict, if not more so, in punishing companies that have had personal information stolen from them.
"If you're in a regulated business like healthcare , there's a lot of people's information you deal with," Rasmussen said. "If you have a reasonable belief that there are Trojans in your system that could have compromised any California resident's personal information, according to this California bill, you have to disclose that you've been infected and have a potential security problem, or you'll open yourself up to a class-action lawsuit. And the company doesn't have to be based in California -- it just has to involve a California resident. That's huge."
Story from: NEWSFACTOR