Description
It has been observed that a new breed of Trojans, called Trojan 2.0, is propagating using Web 2.0 technologies. These Trojans use social engineering to trick users of social networking sites into opening malicious messages and downloading malware onto their systems.

The social engineering techniques used by the attackers often succeed because users are more likely to allow ActiveX controls or JavaScript from a site they visit frequently or one with a well-known brand name, and to accept invitations or interaction from known users on Web 2.0 sites.
Reports from security agencies indicate a growing trend of malware propagation through postings to social networking sites and blogs. It has also been reported that Web 2.0 sites provide an easily accessible place for crimeware Trojans to store stolen data until it can be collected and deleted.
Trojan 2.0 exploits features of Web 2.0 technologies such as widgets, gadgets, modules and capsules, which are code snippets that run in HTML without additional compilation. The mobile code used for these widgets, such as ActiveX, JavaScript, DHTML and Flash, is allowed by the users to run on the client systems.
These new-generation Trojans also attack user accounts and use the compromised profiles to host malicious content such as key loggers. The malware then spreads by sending messages to other users in the infected account's network. The profiles are also being used to launch phishing attacks.
CERT-In has issued virus alerts on Trojans such as Bancorkut and the Scrapkut Orkut Worm, which are examples of Trojan 2.0.
It has also been reported that botnets constituted by these Trojans may use Web 2.0 sites and RSS feeds to operate Command & Control (C&C) channels. Because such traffic resembles ordinary browsing, the botnet traffic appears legitimate and evades detection by security solutions.
Countermeasures
The threats posed by Trojan 2.0 are addressed more effectively by administrative and social controls than by technical controls alone. Users are advised to implement the following countermeasures:
- Exercise caution while visiting Social Networking sites.
- Keep up-to-date patches and fixes on the Operating System and Application Software.
- Keep up-to-date Antivirus and Antispyware signatures.
- Do not visit untrusted websites.
- Enterprises may deploy technical solutions with real-time content inspection and deep packet inspection features to examine both inbound and outbound network traffic for malicious activity.
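The advisory notes that C&C traffic carried over Web 2.0 sites and RSS feeds looks like ordinary browsing, and that enterprises should inspect outbound traffic for malicious activity. One property that still separates a scripted poller from a human reader is timing: a bot fetches the same feed at near-constant intervals, a person does not. The following script is an added example written for this advisory, not CERT-In's own tooling; it assumes a simplified proxy log format of "timestamp client-ip url" and uses constructed sample lines (the hostnames under .invalid are placeholders). It groups requests by client and resource, computes the inter-request gaps, and flags pairs whose gap jitter (standard deviation divided by mean) stays below a threshold.

```python
"""Beacon-style polling detection over constructed proxy log lines.

Added example for this advisory (not CERT-In code). Assumes a simple
web-proxy log format "<ISO timestamp> <client-ip> <url>", constructed
here for illustration only.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Constructed sample log. Host 10.0.0.7 polls one RSS feed roughly every
# 60 s (machine-like); host 10.0.0.8 reads a feed at irregular, human-like
# intervals. Hostnames use the reserved .invalid TLD as placeholders.
SAMPLE_LOG = """\
2008-05-01T09:00:00 10.0.0.7 http://feeds.example-blog.invalid/rss.xml
2008-05-01T09:01:00 10.0.0.7 http://feeds.example-blog.invalid/rss.xml
2008-05-01T09:02:01 10.0.0.7 http://feeds.example-blog.invalid/rss.xml
2008-05-01T09:03:00 10.0.0.7 http://feeds.example-blog.invalid/rss.xml
2008-05-01T09:04:00 10.0.0.7 http://feeds.example-blog.invalid/rss.xml
2008-05-01T09:05:01 10.0.0.7 http://feeds.example-blog.invalid/rss.xml
2008-05-01T09:00:10 10.0.0.8 http://news.example-social.invalid/feed
2008-05-01T09:07:42 10.0.0.8 http://news.example-social.invalid/feed
2008-05-01T09:31:05 10.0.0.8 http://news.example-social.invalid/feed
2008-05-01T10:12:30 10.0.0.8 http://news.example-social.invalid/feed
2008-05-01T10:13:00 10.0.0.8 http://news.example-social.invalid/feed
"""


def parse_log(text):
    """Yield (timestamp, client, host, path) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, url = line.split(maxsplit=2)
        parsed = urlparse(url)
        yield datetime.fromisoformat(ts), client, parsed.netloc, parsed.path


def find_beacons(text, min_requests=5, max_jitter=0.1):
    """Return [(client, resource, mean_gap_seconds)] for near-periodic fetches.

    Jitter is the coefficient of variation of the inter-request gaps
    (population std-dev / mean). A scripted poller keeps it close to zero;
    a human reader's gaps vary widely. min_requests avoids flagging pairs
    with too few samples to judge.
    """
    seen = defaultdict(list)
    for ts, client, host, path in parse_log(text):
        seen[(client, host + path)].append(ts)

    flagged = []
    for (client, resource), times in seen.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged.append((client, resource, round(avg, 1)))
    return flagged


if __name__ == "__main__":
    for client, resource, period in find_beacons(SAMPLE_LOG):
        print(f"{client} polls {resource} every ~{period}s (beacon-like)")
```

On the sample above only 10.0.0.7 is reported, with a period of about 60 s; the threshold and minimum sample count are tunable, and a hit is a lead for the analyst to inspect the fetched content rather than a verdict on its own, since legitimate feed readers can also poll on a fixed schedule.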