Wow, this is really worrisome, sophisticated, targeted and (I think) effective attack: Trojan.Bayrob Strikes Again! A mix of social engineering and advanced malware.
Friday, November 2, 2007
More On Malware - Trojan.Bayrob
Labels: Malware
Subscribe to:
Post Comments (Atom)
6 comments:
If you asked me what can be done, I would answer - digitally sign every page (this for site developer) and check the signature before making decision (this for site user).
This won't work - if you ran the trojan, it has full access to your computer with rights of current user.
Yes, I know that it's like cat-and-mouse game, but in this case (every page is signed and signature is available on each page, for example, at the bottom) Trojan has to forge signature checker's output. This is difficult if you have a number of means to check signature. Remember, that you can check signature not only with special soft but also by putting it into online web form, etc.
I think my proposal is better then doing nothing and it can reduce the probability of getting circumvented by this Trojan. BTW, you can even get to know that you're infected!
Very funny.
1) What if the trojan just removes the signature? What would average user do?
2) Can you imagine manually checking signature for _every_ web page you visit? I won't do that, would you?
It seems like you are trying to propose the solution for a case when your computer is already infected with the trojan. I think in this case it is more efficient to not let the trojan to infect the computer in the first plane.
I think in this case it is more efficient to not let the trojan to infect the computer in the first plane
Of course it is! But I'm trying to use layered approach. It's obvious that nobody wants to be infected, and if you know that you're infected you'll try to cure computer first of all. You'll continue use eBay (or what ever) ONLY if you don't know that you're in trouble. So, this Trojan will not work if you realize that you're infected.
If you visit site without signatures and know that they should be, you'll understand that you're infected - and that's only what you need - go and clean yourself first :-)!
Here are recommendations how to withstand this:
http://www.symantec.com/enterprise/security_response/weblog/2007/11/how_to_buy_a_fake_jeep_trojanb.html
Post a Comment