Security Researchers Feverishly Track New Trojan - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Security Researchers Feverishly Track New Trojan

The threat throws off lots of noise and seems to be mapping the Internet.

There's a new security threat out on the Internet, but it's not clear how much of a threat it really is. Security researchers at Internet Security Systems say they've captured the code for a sneaky new Trojan application that has installed itself on an unknown number of Internet-connected servers and is attempting to scan and map networks connected to the Internet and send that information back to its controller.

Dan Ingevaldson, team leader for Internet Security Systems' X-Force R&D unit, says researchers are studying the Trojan--currently dubbed 55808 for its Windows size--which has been causing confusion for about a month in security circles. Security experts managed to capture their first copy of the Trojan on Wednesday, and they're still working to determine exactly what the Trojan is trying to accomplish.

One thing is clear: Trojan 55808 is sneakier than previous Trojan horses. It doesn't self-propagate, like a virus or a worm, and requires the attacker to plant it on systems. But it does transmit a lot of network noise designed to throw off cybersleuths attempting to find the IP addresses of infected systems, as well as the address of the Trojan's writer or controller.

"For each machine that is infected, it will throw off 1,000 fake or spoofed IP addresses," Ingevaldson says.

Furthermore, the Trojan is part of a distributed network that security researchers have yet to completely understand. "All of these [Trojan] agents, or zombies, are working together," Ingevaldson says, "though there isn't a direct communication channel. Someone is trying to map Internet-connected networks."

The Trojan currently attacks Linux-based systems, Ingevaldson says, but it could easily be ported to other operating-system platforms. Many businesses use Linux as the operating system for their Web servers.

So far, it hasn't been possible to determine the number of infected systems, says Ingevaldson, who adds that the Trojan could be an experiment. Says Ingevaldson, "It seems to be a platform to technically see if this widespread network mapping can be done."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Can Low Code Measure Up to Tomorrow's Programming Demands?
Joao-Pierre S. Ruth, Senior Writer,  11/16/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll