IT security professionals have found traces of a stealthy new Trojan horse that as yet has no name.
A security analyst for a Defense Department contractor detected it last month, said Chris Hovis, director of product marketing for Lancope Inc. of Atlanta. Lancope last week confirmed the behavior of suspicious TCP SYN packets on its own so-called honeynet and on a large university network.
The packets have a window size of 55808 in the header. The Trojan horse apparently listens for packets with this value, which Hovis said might contain encrypted instructions for communicating.
“Based on the activity we have seen, which looks like probes from zombie hosts, there are likely infected machines that are looking for that identifier,” Hovis said.
Signature-based antivirus software cannot detect the third-generation Trojan horse. Hovis said the FBI and the CERT Coordination Center at Carnegie Mellon University had been notified of it.
A new Trojan horse lurks at the gates
No replies to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users