Page 101 - StudyBook.pdf

General Security Concepts: Attacks • Chapter 2  85

                         to spontaneously reboot. It affected networks including those of Delta
                         Airlines, Goldman Sachs, and the British Coastguard.

                      ■  The Zotob worm in 2005 used a vulnerability in Microsoft Windows’s
                         Plug-and-Play service to spread through networks. It was prominent in
                         that it infected CNN computers and so was reported live on television. A
                         year later, a Moroccan teenager was sentenced for its creation.

                    The most effective protection against many worms is the prompt
                 installation of patches released by software vendors, especially Microsoft
                 because of its market presence. It is also important to configure firewalls
                 to allow only the necessary ports, both inbound and outbound: Slammer,
                 Blaster and Sasser replicated using Network Basic Input/Output System
                 (NetBIOS) and SQL Server ports, which should not be exposed outside the
                 enterprise network.
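
                 The firewall guidance above, as an added example that is not part of the
                 original book: a Python audit of a constructed perimeter rule list that
                 flags allow rules exposing NetBIOS, SMB, RPC or SQL Server ports across the
                 enterprise boundary. The 10.0.0.0/8 internal range, the rule tuple layout
                 and the rule names are assumptions made for illustration.

```python
from ipaddress import ip_network

# Well-known Windows networking and SQL Server ports; a worm name marks the
# service that worm spread through.
RISKY_PORTS = {
    ("tcp", 135): "RPC endpoint mapper (Blaster)",
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("tcp", 139): "NetBIOS session service",
    ("tcp", 445): "SMB over TCP (Sasser)",
    ("tcp", 1433): "SQL Server",
    ("udp", 1434): "SQL Server Resolution Service (Slammer)",
}
INTERNAL = ip_network("10.0.0.0/8")  # assumption: the enterprise address space

# Constructed sample rules: (name, action, proto, src, dst, low_port, high_port)
SAMPLE_RULES = [
    ("web-in", "allow", "tcp", "0.0.0.0/0", "10.0.5.10/32", 443, 443),
    ("legacy-any-out", "allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 1, 65535),
    ("sql-browser-in", "allow", "udp", "0.0.0.0/0", "10.0.9.20/32", 1434, 1434),
    ("smb-internal", "allow", "tcp", "10.1.0.0/16", "10.2.0.0/16", 445, 445),
]

def inside(cidr):
    """True when the whole CIDR block lies inside the enterprise network."""
    return ip_network(cidr).subnet_of(INTERNAL)

def audit(rules):
    """Return (rule, direction, proto, port, service) for each risky exposure."""
    findings = []
    for name, action, proto, src, dst, low, high in rules:
        src_in, dst_in = inside(src), inside(dst)
        if action != "allow" or (src_in and dst_in):
            continue  # deny rules and purely internal traffic are out of scope
        direction = "inbound" if dst_in else "outbound" if src_in else "any"
        for (risky_proto, port), service in RISKY_PORTS.items():
            if risky_proto == proto and low <= port <= high:
                findings.append((name, direction, proto, port, service))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

                 The broad outbound rule is flagged as well as the inbound one, which
                 matches the advice to restrict ports in both directions.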

                 Trojan Horses

                 A Trojan horse closely resembles a virus, but is actually in a category of its own.
                 The Trojan horse is often referred to as the most elementary form of malicious
                 code. A Trojan horse is used in the same manner as it was in Homer’s Iliad; it is a
                 program in which malicious code is contained inside of what appears to be
                 harmless data or programming. It is most often disguised as something fun, such
                 as a cool game. The malicious program is hidden, and when called to perform its
                 functionality, can actually ruin your hard disk. One saving grace of a Trojan
                 horse, if there is one, is that it does not propagate itself from one computer to
                 another (self-replication is a characteristic of the worm).
                    A common way for you to become the victim of a Trojan horse is for someone
                 to send you an e-mail with an attachment that purports to do something useful. To
                 the naked eye, it will most likely not appear that anything has happened when the
                 attachment is launched. The reality is that the Trojan has now been installed (or
                 initialized) on your system. What makes this type of attack scary is the
                 possibility that it may be a remote control program. After you have launched this
                 attachment, anyone who uses the Trojan horse as a remote server can now connect
                 to your computer. Hackers have tools to determine what systems are running remote
                 control Trojans, which can include communication over chat networks, e-mails, or
                 Web pages, to alert the hacker that a new system has been infected and is
                 available. After the specially designed port scanner on the hacker’s end finds
                 your system, all of your files are accessible to that hacker. Two common Trojan
                 horse remote control programs are Back Orifice and NetBus, which was distributed
                 through the whack-a-mole game.



                                                                              www.syngress.com