Zombie Computers on the Attack
Douglas Chick

The Xombe (Zombie) Trojan program begins by tricking its victim into
visiting a fake Microsoft website for a security update and then embeds
itself into the unsuspecting computer like a tick. Xombe is a Trojan because
it doesn't possess the ability to invade a computer system the way a worm
would; instead, the program lures its host, quite literally, into a false
sense of security. The executable program is attached to the e-mail and is
cleverly titled "Windows XP Service Pack 1 (Express) - Critical Update"
and sent from windowsupdate@microsoft.com. When run, the Trojan downloader
connects to the Internet and downloads and activates another Trojan on the
victim's computer.
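The lure above combines two signals a mail gateway can test for: an executable attachment and a sender address at a vendor that does not ship patches by e-mail. The following check is an added example, not code from the original article; the message it inspects is constructed to mirror the lure described above (the attachment name and the "no attachments from this domain" policy list are assumptions of the example), and the attachment body is a few placeholder bytes, not a real program.

```python
"""Flag e-mail messages that carry an executable attachment under a
vendor-update pretext.  Added example: the sample message is constructed
here, not captured from the Xombe campaign."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment extensions that should never arrive from a software vendor's
# update address (assumed policy list for this example).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".dll"}

# Sender domains whose genuine update notices never carry attachments.
# Assumption of this example: Microsoft distributes patches through
# Windows Update, not as e-mail attachments.
NO_ATTACHMENT_SENDERS = {"microsoft.com"}


def build_sample(with_attachment: bool = True) -> bytes:
    """Construct a message shaped like the lure: spoofed vendor sender,
    update-themed subject, and (optionally) an executable attachment."""
    m = EmailMessage()
    m["From"] = "windowsupdate@microsoft.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Windows XP Service Pack 1 (Express) - Critical Update"
    m.set_content("A critical update is attached. Run it to stay protected.")
    if with_attachment:
        m.add_attachment(
            b"MZ\x90\x00\x03\x00",  # placeholder bytes, not a real executable
            maintype="application",
            subtype="octet-stream",
            filename="WindowsXP-SP1-Express-Critical-Update.exe",  # assumed name
        )
    return m.as_bytes()


def sender_domain(msg: EmailMessage) -> str:
    """Domain part of the From header, tolerating 'Name <addr>' forms."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def assess_message(raw: bytes) -> list[str]:
    """Return a list of human-readable findings; empty means nothing flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = sender_domain(msg)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append(f"executable attachment '{name}'")
            if domain in NO_ATTACHMENT_SENDERS:
                findings.append(
                    f"sender domain {domain} does not deliver updates as "
                    f"attachments; treat the From address as spoofed"
                )
    return findings


if __name__ == "__main__":
    for line in assess_message(build_sample()):
        print("FLAG:", line)
```

The two findings are kept separate on purpose: an executable attachment alone warrants quarantine, while the sender-domain rule is what turns a generic "unexpected executable" into the specific vendor-impersonation pattern this article describes.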
A sophisticated computer user would never fall for such a blatant trick,
but programs like this aren't aimed at the sophisticated computer user.
With this and other electronic parasites the question always arises: why do
people create such programs, and what do they expect to gain?
Viruses and intrusion programs do one of three things: they annoy, destroy,
or misappropriate data from the victim's computer. There don't seem to be
many programs out there intended to destroy computers. Despite what you see
in the movies, there are not that many evil geniuses. Most acts of
destruction are carried out in a very low-tech manner. As for programs
designed to annoy, most intelligent people are very annoying and many suffer
from high levels of low self-esteem. This combination unfortunately accounts
for some of the more popular viruses and Trojans that you might read about.
Of the third type of Trojan there may be one, or several hundred, that no
one ever hears about; this is the Trojan program that is designed to harvest
data.
Harvesting the Internet for Data
Many Americans don't know just how lucky they are to live in a country with
such abundant resources as we have in the U.S. What may easily be overlooked
as everyday items here can be a generation or more away for people in other
countries. The old adage that knowledge is power may very well be the driving
force behind many computer viruses.
Data is turned into knowledge and knowledge into power. The faster a Trojan
or virus can propagate, the more data can be collected and the more money can
be made as a result. I have no doubt that the data stored in your computer's
cookies can be turned into big money. Word documents from a million computers
might hold the next 100 novels. Spreadsheets of your monthly bills can become
a marketing company's statistic. Work that employees innocently take home can
cost their company millions if it is lifted from an unsecured computer.
Identities, credit card numbers, bank account numbers, social security
numbers… like the commercial says, “What’s in your wallet?” Probably the
same thing that’s in your computer cache.
If you’re going to participate on the information highway, you must take
steps to ensure that it’s not your information being highwayed. (I realize
that isn’t a word.) It’s easy enough to tell a computer person that he or
she needs a firewall or NAT, virus protection, and a daily check for security
patches, but most people aren’t very computer savvy. It’s enough for most of
these people just to be able to barely manage basic computer operations. If
software companies cannot protect their software against attacks, then the
normal computer user will become discouraged and frustrated and may
ultimately give up the Internet, and that loss of funds may result in no
Internet for the rest of us.
Douglas Chick
www.thenetworkadministrator.com
Xombe Trojan Details
The website used by the Trojan program is gamemanics.org. It has been
disabled, and the Xombe Trojan can no longer be active.

When the Trojan was first intercepted, the website instructed clients to
download a DLL file, http_f.dll.

http_f.dll is an HTTP client which is apparently used to perform a
Distributed Denial-of-Service attack on a website that hosts forums.

Autorun registry entry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssvc]
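The Run key entry above is the part of this Trojan an administrator can hunt for across a fleet, since everything under that key starts at logon. The script below is an added example, not code from the original article: it parses a Windows registry export (the `.reg` format produced by `reg export`), normalises the HKLM shorthand to the long form used in exports, and flags Run entries whose value name is on a watchlist or whose executable lives in a user-writable directory. The export text is constructed here; the `mssvc` value name comes from the details above, while its path and the other entries are placeholders.

```python
"""Hunt for suspicious autorun entries in a .reg export.  Added example;
the export below is constructed, and the path given for the mssvc value
is a placeholder, not the Trojan's real install location."""
import re
from typing import List, Tuple

# Constructed .reg export.  Real exports use HKEY_LOCAL_MACHINE, the long
# form of the HKLM shorthand used in the article's key path.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"mssvc"="C:\\PLACEHOLDER\\mssvc.exe"
"Updater"="C:\\Users\\Public\\updater.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes]
"CurrentTheme"="C:\\Windows\\resources\\Themes\\aero.theme"
"""

# Value names known from the write-up (here: the Xombe entry).
WATCHLIST = {"mssvc"}

# Directories a normal user can write to; an autorun pointing here is worth
# a look even when the name is unknown (assumed heuristic of this example).
SUSPICIOUS_DIRS = ("\\temp\\", "\\appdata\\", "\\users\\public\\")

HIVE_SHORTHAND = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def normalize_key(key: str) -> str:
    """Expand HKLM/HKCU shorthand so watch rules match exported key names."""
    hive, sep, rest = key.partition("\\")
    return HIVE_SHORTHAND.get(hive.upper(), hive) + sep + rest


def parse_reg_export(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, value_data) triples for string values."""
    entries = []
    current_key = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = normalize_key(line[1:-1])
        elif current_key and line.startswith('"'):
            m = _VALUE_LINE.match(line)
            if not m:
                continue
            name, data = m.group(1), m.group(2)
            # String data is quoted and backslash-escaped in .reg files.
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            entries.append((current_key, name, data))
    return entries


def find_suspicious_run_entries(text: str) -> List[Tuple[str, str, str, str]]:
    """Flag Run-key values by watchlist name or user-writable path."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if not key.upper().endswith("\\CURRENTVERSION\\RUN"):
            continue
        if name.lower() in WATCHLIST:
            findings.append((key, name, data, "value name on watchlist"))
        elif any(d in data.lower() for d in SUSPICIOUS_DIRS):
            findings.append((key, name, data, "runs from user-writable directory"))
    return findings


if __name__ == "__main__":
    for key, name, data, reason in find_suspicious_run_entries(SAMPLE_REG_EXPORT):
        print(f"{reason}: {key}\\{name} -> {data}")
```

Feeding a real export is a matter of reading the file instead of the constructed string; `reg export` writes UTF-16 with a BOM, so open it with `encoding="utf-16"`. The watchlist catches the documented name, while the directory heuristic catches a renamed copy of the same entry.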