- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
On Dec. 22, an Internet investigator got a tip that child pornography was being housed on an adult Web site. When he visited the site to verify the information, he didn't find any illegal images. But what he did find was a Trojan horse that disabled the ActiveX security controls on his browser and took control of it.
"I heard my hard drive churning and clicked on my task manager and saw three executable programs were installing themselves," says Chris Brandon of Brandon Internet Services. "I knew I was in trouble when I couldn't get my task manager to cancel the programs."
By the time he checked his registry, the Trojan had installed dozens of programs that replaced the default Web page with its own, and loaded its own IP addresses in his favorite places, short cuts and safe zones. When he tried to erase the programs and reboot the machine, the virus reinstalled.
This program is a perfect example of spyware gone amok.
It installed itself by taking advantage of a vulnerability in Internet Explorer 4.x and 5.x that lets an unsigned applet to create and use ActiveX controls. Then it hijacked Brandon's browser, a term called "Web-jacking." But it could have been worse. Some variants evoke dialers to call up 1-900 numbers if the victim is using telephone dialup for Internet access.
"We're seeing more of this type of virus activity in recent months," says Ken Dunham, director of malicious code for iDefense, a security intelligence firm in Reston, Va. "Trojans promote going to certain pornography sites and other sites they affiliate with because they get money for the clicks from advertisers. They terminate regedit.exe [registry editor], and they can be very difficult to remove."
Anti-spyware vendor PestPatrol reports staggering growth over the past few months of the virus that Symantec dubbed Trojan.Norio. And at least 24 variants of the virus now exist in the wild, according to the anti-spyware site Spywareinfo.com.
Each variant is designed to do something different. One variant changes your customized search settings to allhyperlinks.com, for example. Another variant redirects all searches through a bogus site called Coolwebsearch.com. Another redirects Verisign's Site Finder to a fraudulent Site Finder site. Another evokes the auto-dialer. And so on.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment