Viruses are rampant. But all too often, when security professionals focus on detecting, protecting against and removing viruses, they overlook another common form of malicious code: code that is not a virus but is still destructive or subverts security. This category is known as Trojan horses and hacker toolkits.
Non-virus malicious code does not self-replicate -- it does not spread itself across a network or even throughout a computer. Instead, Trojan horses and hacker toolkits are either planted by hackers and intruders, or users are tricked into downloading and installing them. Their primary purpose is not destruction, but rather to gain access and gather information. Such code is designed to remain hidden as long as possible, to avoid triggering an antivirus scanner and to affect the system's performance as little as possible. The longer non-viral malicious code can remain on your system, the longer it has to perform its primary mission.
The number of Trojan horses and hacker toolkits circulating on the Internet and on private/disconnected networks is alarming. The types of code include key loggers, remote administration Trojans, unsecured commercial remote administration tools, hacker toolkits, DDoS zombie agents, spyware, adware, bots and more.
Fortunately, you don't have to be aware of every package to protect your network from their ill effects. Primarily, you need to update your security policy with a few key elements:
- No unapproved software is allowed to be installed onto any system on the network.
- Only administrators are granted the privilege to install software.
- Traffic is monitored and filtered across any boundary, whether to the Internet or another private/disconnected network.
- Intrusion-detection software may be deployed to watch for suspicious activities or known malicious code signatures.
In addition to improving your formalized security policy, you should also employ one or more tools that perform malicious code scanning, detection, protection and inoculation/removal. There are many excellent tools to choose from; here are a few options that I've tested:
You can find many other selections by using your favorite search engine with the keywords "Trojan scanner."
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in September 2002