'Offensive' Trojan Can Disable PCs
However, worm hampers its own travels by damaging systems so thoroughly.
Sam Costello, IDG News Service
A new Trojan horse program that can severely limit user access to infected systems is spreading slowly worldwide, antivirus companies say.
The program, which is a script called either Trojan.JS.Offensive or Trojan.Offensive, can make Windows desktop icons invisible and can prevent users from starting programs or shutting down Windows. It even persists when a PC is being used in safe mode, according to information from antivirus vendor Symantec.
Luckily for users, the worm is not yet widespread and isn't likely to be, say antivirus vendors. Unlike a typical worm, which will often use an e-mail application to resend itself to other potential victims, Trojan.Offensive isn't likely to be able to spread itself because it locks up systems so extensively, says Craig Schmugar, a virus researcher with McAfee's AVERT Labs.
Trojan.Offensive arrives in users' e-mail in-boxes as an HTML e-mail message. However, it could also be available as a Web page found on the Internet, if someone posted it there, Symantec says. The Trojan, written in JavaScript, presents a "Start" button that, when clicked, activates the script. A variant of the Trojan lacks the "Start" button and activates when the file is opened. When executed, the Trojan makes a series of system-level changes to the configuration of the infected PC, greatly limiting user access to the system.
Drastic Remedies
The Trojan exploits a 10-month-old security hole in Microsoft's Java Virtual Machine, says McAfee's Schmugar. Systems that have applied Microsoft's patch are not vulnerable, he said.
The combination of an attack tool, called an exploit, and a Trojan is likely to become more common, as will the combination of exploits and worms, of which Code Red was an example, Schmugar says.
"I suspect we will see a lot more use of vulnerabilities" in worms, viruses, and Trojans, he says. In fact, a Web site exploiting this same vulnerability and using the same technique, but not using Trojan.Offensive itself, was discovered by AVERT last week, he said. The site has since been taken offline, he says.
If a PC is infected by Trojan.Offensive, typical users should contact technical support staff immediately, Symantec says. Reinstalling Windows, deleting the Trojan using DOS, or changing the system settings back by hand are ways to remove the infection, Symantec says.
"The average end user is going to have a heck of a time getting around these problems," AVERT's Schmugar agrees.