Trojan 2.0 - Implications of Web 2.0 technology

Security experts have warned that Blogger, MySpace, and Facebook can easily be used by Trojan 2.0 malware as places to store stolen data.

Finjan Malware Research Center has just released its Fourth Security Risk Report. According to the report, traditional anti-malware measures, namely signature-based detection (virus detection based on a database of known malware) and blocking of command-and-control channels, will become less effective because malware writers are taking advantage of Web 2.0 technology.

In computer jargon, trojans are simply malware disguised as "harmless" software in order to hide on a computer. Once started, they install other programs or execute code that captures or destroys data on the system.

A keylogger trojan records the keystrokes of the infected computer's user and sends the collected data back to the person who distributed it. This is a common form of trojan.

Often, an attacker can control the trojan remotely. Finjan uses the term Trojan 2.0 for the new generation of trojans because they exploit bugs in Web 2.0 and software.

In its report, Finjan explained that blocking a trojan's command-and-control structure is getting harder and harder, because the commands are carried over open channels.

The report describes how a trojan command can easily be converted into an RSS feed and transmitted via a free RSS reader on the Web (such as Google Reader or My Yahoo). 'This is the first step that trojans usually take to disguise control commands,' the report said.

'By transmitting via a third-party web service, Trojans can avoid being killed by Web security software.'

From this, the report concludes that any blog that supports RSS can be a "control center". Shutting down that blog is also ineffective, because the trojan can be redirected to another RSS feed.

Stolen data can also be easily retrieved when it is stored on Web 2.0 sites such as Blogger, MySpace, and Facebook.

For security companies that are competing with each other, this is a big problem. 'Because this model uses Web addresses and real domain names to route the botnet, its communications are no different from normal Web traffic, which existing security software cannot detect in most cases,' Finjan's report said.

Finjan concluded that real-time data investigation is essential to countering the risk of Trojan 2.0. Many security experts have spoken up about this issue.

Signature-based security methods will not be able to protect the Internet from trojans in an era when each trojan has its own signature. Port blocking will not help either when the data is transmitted through open ports.
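As an added illustration of the real-time content inspection the report calls for (this is not code from Finjan or from the article), the Python example below parses an RSS feed and flags items that carry long, base64-decodable, high-entropy tokens. It assumes commands travel as encoded blobs, which the article does not specify; the sample feed, regex and entropy threshold are constructed.

```python
import base64
import binascii
import hashlib
import math
import re
import xml.etree.ElementTree as ET  # for untrusted feeds prefer a hardened parser (e.g. defusedxml)
from collections import Counter

TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long base64-looking runs
MIN_ENTROPY = 4.0  # bits per character; assumed threshold, tune on real feeds

def shannon_entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def suspicious_tokens(text):
    """Return long tokens that decode cleanly as base64 and look random."""
    hits = []
    for tok in TOKEN_RE.findall(text or ""):
        try:
            base64.b64decode(tok, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, e.g. a long identifier
        if shannon_entropy(tok) >= MIN_ENTROPY:
            hits.append(tok)
    return hits

def inspect_feed(xml_text):
    """Return titles of RSS items whose title or description carries an encoded blob."""
    flagged = []
    for item in ET.fromstring(xml_text).iter("item"):
        title = item.findtext("title", default="")
        body = item.findtext("description", default="")
        if suspicious_tokens(title) or suspicious_tokens(body):
            flagged.append(title)
    return flagged

# Constructed sample: one ordinary post and one post hiding an opaque 64-byte blob.
_BLOB = base64.b64encode(hashlib.sha256(b"constructed-1").digest()
                         + hashlib.sha256(b"constructed-2").digest()).decode()
SAMPLE_FEED = f"""<rss version="2.0"><channel><title>Example blog</title>
<item><title>Weekend hiking photos</title>
<description>We walked the ridge trail and the weather was perfect.</description></item>
<item><title>Update 17</title><description>ref: {_BLOB}</description></item>
</channel></rss>"""

if __name__ == "__main__":
    print(inspect_feed(SAMPLE_FEED))
```

A heuristic like this inspects what a feed says rather than where it is hosted, which is why it still applies when the feed sits on a legitimate blog domain over an open port.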

Hoang Nguyen
