Tip

Exterminating non-viral malicious code

Viruses are rampant. But all too often, when security professionals focus on the detection, protection and removal of viruses, they overlook another common form of malicious code -- non-viral code that is nonetheless destructive or security-subverting -- known as Trojan horses and hacker toolkits.

Non-virus malicious code does not self-replicate -- it does not spread itself across a network or even throughout a computer. Instead, Trojan horses and hacker toolkits are either planted by hackers and intruders, or users are tricked into downloading and installing them. Their primary purpose is not destruction, but rather to gain access and gather information. Such code is designed to remain hidden as long as possible, to avoid triggering an antivirus scanner and to affect the system's performance as little as possible. The longer non-viral malicious code can remain on your system, the longer it has to perform its primary mission.

The number of Trojan horses and hacker toolkits circulating on the Internet and on private/disconnected networks is alarming. The types of code include key loggers, remote administration Trojans, unsecured commercial remote administration tools, hacker toolkits, DDoS zombie agents, spyware, adware, bots and more.

Fortunately, you don't have to be aware of every package to protect your network from their ill effects. Primarily, you need to update your security policy with a few key elements:

  • No unapproved software is allowed to be installed onto any system on the network.
  • Only administrators are granted the privilege to install software.
  • Traffic is monitored and filtered across any boundary, whether to the Internet or another private/disconnected network.
  • Intrusion-detection software may be deployed to watch for suspicious activities or known malicious code signatures.
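The first two policy elements can be checked against a software inventory. The following is an added example, not part of the original tip: it compares installer hashes rather than names, since code designed to stay hidden can reuse an approved product's name. The inventory format, product names, hosts and accounts are all constructed for illustration.

```python
# Added example: audit a software inventory against an approved list.
# All names, digests, hosts and accounts below are constructed sample data.
import hashlib

def digest(data: bytes) -> str:
    """SHA-256 hex digest; stands in for hashing a real installer file."""
    return hashlib.sha256(data).hexdigest()

# Approved software: lower-cased product name -> SHA-256 of the approved installer.
APPROVED = {
    "texteditor": digest(b"texteditor-3.1-installer"),
    "remoteadmin": digest(b"remoteadmin-2.0-installer"),
}
ADMINS = {"it-admin"}  # accounts permitted to install software

# Constructed inventory, in the shape an endpoint agent might report it.
INVENTORY = [
    {"host": "ws01", "name": "TextEditor", "sha256": digest(b"texteditor-3.1-installer"), "installed_by": "it-admin"},
    {"host": "ws02", "name": "RemoteAdmin", "sha256": digest(b"remoteadmin-2.0-patched"), "installed_by": "it-admin"},
    {"host": "ws03", "name": "FreeScreensaver", "sha256": digest(b"screensaver"), "installed_by": "jdoe"},
    {"host": "ws04", "name": "TextEditor", "sha256": digest(b"texteditor-3.1-installer"), "installed_by": "jdoe"},
]

def audit(inventory, approved, admins):
    """Return (host, name, reasons) for every entry that violates policy."""
    approved_hashes = set(approved.values())
    findings = []
    for item in inventory:
        reasons = []
        name = item["name"].strip().lower()
        if item["sha256"] not in approved_hashes:
            # An approved name with an unknown hash is the more serious case:
            # the binary may be a modified copy posing as approved software.
            reasons.append("hash-mismatch" if name in approved else "unapproved")
        if item["installed_by"] not in admins:
            reasons.append("non-admin-install")
        if reasons:
            findings.append((item["host"], item["name"], reasons))
    return findings

if __name__ == "__main__":
    for host, name, reasons in audit(INVENTORY, APPROVED, ADMINS):
        print(f"{host}: {name}: {', '.join(reasons)}")
```
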

In addition to improving your formalized security policy, you should also employ one or more tools that perform malicious code scanning, detection, protection and inoculation/removal. There are many excellent tools to choose from; here are a few options that I've tested:

  • PestPatrol
  • Moosoft's The Cleaner
  • Lockdown Corp's Swat It
  • Digital Patrol

You can find many other selections by using your favorite search engine with the keywords "Trojan scanner."


About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.


This was first published in September 2002
