IT security professionals have found traces of a stealthy new Trojan horse that as yet has no name.
A security analyst for a Defense Department contractor detected it last month, said Chris Hovis, director of product marketing for Lancope Inc. of Atlanta. Lancope last week confirmed the behavior of suspicious TCP SYN packets on its own so-called honeynet and on a large university network.
The packets have a window size of 55808 in the header. The Trojan horse apparently listens for packets with this value, which Hovis said might contain encrypted instructions for communicating.
“Based on the activity we have seen, which looks like probes from zombie hosts, there are likely infected machines that are looking for that identifier,” Hovis said.
Signature-based antivirus software cannot detect the third-generation Trojan horse. Hovis said the FBI and the CERT Coordination Center at Carnegie Mellon University had been notified of it.
A new Trojan horse lurks at the gates
Started by Blake, Jun 22 2003 08:57 AM
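The one concrete indicator in the article is a TCP SYN packet whose header advertises a window size of 55808. The following is an added example, not part of the original post or Lancope's tooling: a detection check over raw IPv4 packets that flags bare SYNs carrying that window and counts them per source. The sample packets, addresses and function names are constructed for illustration, and a hit is a lead to investigate rather than proof of infection.

```python
import socket
import struct
from collections import Counter

SUSPECT_WINDOW = 55808  # TCP window size reported in the article
SYN, ACK = 0x02, 0x10

def build_packet(src, dst, dport, flags, window, sport=40000):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def inspect(packet):
    """Return (src, dst, dport) for a bare SYN with the suspect window, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes (options allowed)
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 16:
        return None                      # malformed, not TCP, or truncated TCP header
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # later fragment: carries no TCP header
    _sp, dport, _seq, _ack, _off, flags, window = struct.unpack(
        "!HHIIBBH", packet[ihl:ihl + 16])
    if flags & (SYN | ACK) == SYN and window == SUSPECT_WINDOW:
        return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), dport)
    return None

def flag_sources(packets):
    """Count matching SYNs per source address to surface hosts worth investigating."""
    hits = Counter()
    for pkt in packets:
        match = inspect(pkt)
        if match:
            hits[match[0]] += 1
    return hits

# Constructed sample traffic using documentation address ranges.
SAMPLES = [
    build_packet("192.0.2.10", "198.51.100.5", 80, SYN, 55808),        # match
    build_packet("192.0.2.10", "198.51.100.6", 22, SYN, 55808),        # match
    build_packet("203.0.113.7", "198.51.100.5", 80, SYN, 65535),       # ordinary window
    build_packet("198.51.100.5", "192.0.2.10", 40000, SYN | ACK, 55808),  # reply, not a probe
    build_packet("203.0.113.9", "198.51.100.8", 443, SYN, 55808),      # match
]

if __name__ == "__main__":
    for src, count in flag_sources(SAMPLES).most_common():
        print(f"{src}: {count} SYN(s) with window {SUSPECT_WINDOW}")
```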












