Viruses are rampant. But all too often, when security professionals focus on the detection, protection and removal of viruses, they overlook another common form of malicious code: code that is not a virus but is still destructive or security-subverting, known as Trojan horses and hacker toolkits.
Non-virus malicious code does not self-replicate -- it does not spread itself across a network or even throughout a computer. Instead, Trojan horses and hacker toolkits are either planted by hackers and intruders, or users are tricked into downloading and installing them. Their primary purpose is not destruction, but rather to gain access and gather information. Such code is designed to remain hidden as long as possible, to avoid triggering an antivirus scanner and to affect the system's performance as little as possible. The longer non-viral malicious code can remain on your system, the longer it has to perform its primary mission.
The number of Trojan horses and hacker toolkits circulating on the Internet and private/disconnected networks is alarming. The types of code include key loggers, remote administration Trojans, unsecured commercial remote administration tools, hacker toolkits, DDoS zombie agents, spyware, adware, bots and more.
Fortunately, you don't have to be aware of every package to protect your network from their ill effects. Primarily, you need to update your security policy with a few key elements:
- No unapproved software is allowed to be installed onto any system on the network.
- Only administrators are granted the privilege to install software.
- Traffic is monitored and filtered across any boundary, whether to the Internet or another private/disconnected network.
- Intrusion-detection software may be deployed to watch for suspicious activities or known malicious code signatures.
In addition to improving your formalized security policy, you should also employ one or more tools that perform malicious code scanning, detection, protection and inoculation/removal. There are many excellent tools to choose from; here are a few options that I've tested:
- PestPatrol
- Moosoft's The Cleaner
- Lockdown Corp's Swat It
- Digital Patrol
You can find many other selections by using your favorite search engine with the keywords "Trojan scanner."
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in September 2002