
Exterminating non-viral malicious code

Be on the lookout for other malicious code like Trojan horses and hacker toolkits.

Viruses are rampant. But all too often, when security professionals focus on detecting, protecting against and removing viruses, they overlook another common form of malicious code: code that is not a virus but is still destructive or security-subverting, known as Trojan horses and hacker toolkits.

Non-virus malicious code does not self-replicate -- it does not spread itself across a network or even throughout a computer. Instead, Trojan horses and hacker toolkits are either planted by hackers and intruders, or users are tricked into downloading and installing them. Their primary purpose is not destruction, but rather to gain access and gather information. Such code is designed to remain hidden as long as possible, to avoid triggering an antivirus scanner and to affect the system's performance as little as possible. The longer non-viral malicious code can remain on your system, the longer it has to perform its primary mission.

The number of Trojan horses and hacker toolkits circulating on the Internet and on private/disconnected networks is alarming. The types of code include key loggers, remote administration Trojans, unsecured commercial remote administration tools, hacker toolkits, DDoS zombie agents, spyware, adware, bots and more.

Fortunately, you don't have to be aware of every package to protect your network from their ill effects. Primarily, you need to update your security policy with a few key elements:

  • No unapproved software is allowed to be installed onto any system on the network.
  • Only administrators are granted the privilege to install software.
  • Traffic is monitored and filtered across any boundary, whether to the Internet or another private/disconnected network.
  • Intrusion-detection software may be deployed to watch for suspicious activities or known malicious code signatures.
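
One way to check the first two policy items in practice, as an added example that is not from the original article: compare what is on disk against a hash baseline recorded when an administrator installed the approved software. The file names, directory layout and function names are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit(root: Path, approved: dict[str, str]) -> list[tuple[str, str]]:
    """Return (relative_path, reason) for each file that violates the allowlist;
    `approved` maps a relative path to the SHA-256 recorded at install time."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel not in approved:
            findings.append((rel, "not on approved list"))
        elif sha256_of(path) != approved[rel]:
            # Same name as approved software but different contents:
            # the case a name-only inventory would miss.
            findings.append((rel, "contents differ from approved build"))
    return findings


def demo() -> list[tuple[str, str]]:
    """Constructed sample: a tiny 'program directory' built in a temp folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tools").mkdir()
        (root / "editor.exe").write_bytes(b"approved editor build")
        (root / "tools" / "backup.exe").write_bytes(b"approved backup build")
        # Baseline taken by the administrator at install time.
        approved = {p.relative_to(root).as_posix(): sha256_of(p)
                    for p in root.rglob("*") if p.is_file()}
        # Later changes made without approval (constructed for the example).
        (root / "tools" / "backup.exe").write_bytes(b"replaced build")
        (root / "remote_admin.exe").write_bytes(b"unapproved installer payload")
        return audit(root, approved)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```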

In addition to improving your formalized security policy, you should also employ one or more tools that perform malicious code scanning, detection, protection and inoculation/removal. There are many excellent tools to choose from; here are a few options that I've tested:

  • Moosoft's The Cleaner
  • Lockdown Corp's Swat It
  • Digital Patrol

You can find many other selections by using your favorite search engine with the keywords "Trojan scanner."

About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.

This was last published in September 2002
