Anatomy of a Trojan - RPGWatch Forums

March 26th, 2007, 17:54
Hello, everyone.

This is an extremely interesting, yet frightening read:
http://www.secureworks.com/research/…i/?threat=gozi

Frightening, because it shows how much work is put into the assemblage of Trojans nowadays.

I think you should know this, so that's why I've posted it here.

And I can only advise you to read it. Sorry that I repeat myself, but to me this is very important, and I've learned a lot.

Alrik
Alrik Fassbauer
#1

March 26th, 2007, 20:00
A lot of this was above my head, but even without full comprehension, that's a chilling report.
--
Where there's smoke, there's mirrors.
magerette
#2

March 27th, 2007, 02:26
Interesting read. Made me do a quick scan of my rig; it was clean!!
--
If God said it, then that settles it!!

Editor@RPGWatch
Corwin
#3

March 27th, 2007, 02:45
What's so technical about latex?
--
Sorry. No pearls of wisdom in this oyster.
Dallas Cowboys: Zeke Who? / / Detroit Red Wings: Welcome back Stevie
dteowner
#4

March 28th, 2007, 22:40
dte, you devious type, it took me hours to get that.

--
Where there's smoke, there's mirrors.
magerette
#5

March 29th, 2007, 02:29
I still don't 'get it'!! Must be an Americanism!!
--
If God said it, then that settles it!!

Editor@RPGWatch
Corwin
#6

March 29th, 2007, 13:00
Pretty nice, entertaining and deep article. I've never seen anything going into such details (no doubt there are such articles out there but I've never tried to find one).
Danicek
#7

March 29th, 2007, 13:34
I just heard today that hackers have begun opening WLAN hot spots with names similar to those of commercial companies - and are opening them for everyone who needs a hot spot. THEN they ask for money …

Yuck.
Alrik Fassbauer
#8

March 29th, 2007, 15:50
Originally Posted by Corwin
I still don't 'get it'!! Must be an Americanism!!
AFAIK, it's a world-wide brand. Gotta get down in the gutter with me, Corwin. Apologies to Alrik for soiling a serious thread.
--
Sorry. No pearls of wisdom in this oyster.
Dallas Cowboys: Zeke Who? / / Detroit Red Wings: Welcome back Stevie
dteowner
#9

March 30th, 2007, 12:31
To get it back on topic…

When reading this, one has to conclude that there is no real way to avoid this. You don't have to go to xxx sites, you don't have to be dumb to click on strange message boxes. You simply visit a normal-looking site and the rest is done for you.

I would say that somewhat advanced users are protected not thanks to their knowledge but thanks to the fact that they are usually using a different browser (note: I'm not saying that IE is the worst, but it is the most used, so holes in it are looked for and used). After all, even an advanced user has no chance to identify that a process hidden by a rootkit and not identified by antivirus software is there.

Other than that, a good firewall may be very important in this scenario. If the information collected has to be used by someone, it must be sent outside.
Danicek
#10

March 30th, 2007, 23:43
Hehe. I somehow managed to avoid viruses and trojans and the like almost altogether over these past 3-4 years, and I can say I've visited many dubious sites and downloaded many weird things. Yet the world around still twists and turns whenever things like this appear on the internets; I just look at it and snicker inside myself. Like a wise network administrator once told me, "many DVDs, many backups, many systems saved from fists 'n kicks".
--
I dream of a day when chickens can cross roads without their motives questioned.
Khass
#11

April 3rd, 2007, 14:02
I was free of viruses over the last months, I think even for two years. Good luck!

One attempt of hackers is to just hack "casual" sites, on which no one would expect a trojan or real virus to be. And so people lower their shields and thus allow the virus/trojan to come in … Even official sites of companies were affected in the past. And here in Germany even a government site (it was, I think, one or two years ago now).
Alrik Fassbauer
#12

April 3rd, 2007, 19:07
The opening post was a very interesting read… thanks, Alrik. It shows how far hackers are prepared to go in today's fraudulent societies.

Malware can be almost as troublesome, even worse in some cases.
I found one in my email titled… "notavirus" (a hard-to-remove re-spawner)
Wulf
#13

April 4th, 2007, 00:32
I think malware has now superseded viruses as the bane of computing!!
--
If God said it, then that settles it!!

Editor@RPGWatch
Corwin
#14

April 5th, 2007, 22:02
Somewhat on topic: any WoW players, hope you have heard of this one

Interesting to hear that you can blackmarket sell a WoW account for more than a credit card!
--
Where there's smoke, there's mirrors.
magerette
#15

April 6th, 2007, 08:50
Originally Posted by Corwin
I think malware has now superseded viruses as the bane of computing!!
Yeah, in most cases it is far better to have your hard drive formatted than to have your credit card data stolen.
Danicek
#16
All times are GMT +2.