December 15, 2000, 10:34 AM — A new variety of "Trojan Horse" that broadcasts victims' files on the Internet is making its way into the mainstream, antivirus vendors warn.
While the strain compares to the Melissa and Explore.Zip worms in that it uses e-mail systems for self-perpetuation, it differs in its ability to broadcast the information from a victim's hard drive to Internet Relay Chat (IRC) channels around the world.
An IRC channel might be described as the Internet equivalent of citizens band radio, according to experts. Hundreds of IRC channels on numerous subjects are hosted across the Internet.
"This type of virus is best for targeted attacks," said Dan Schrader, vice president of new technologies at Cupertino, Calif.-based Trend Micro Inc. "If it happens to get on the machine of someone with lots of confidential information, there are huge privacy implications."
For example, confidential company information about acquisitions, initial public offerings or income sources could end up available to anyone on the Internet, he said.
Viruses that employ IRC as a means to retrieve victims' information have been around for about two years, Schrader said. But the first to hit the mainstream -- what virus experts call moving from a laboratory to being released "into the wild" -- was the PrettyPark virus, which debuted in France earlier this month.
PrettyPark spreads itself via an e-mail attachment bearing the icon of a character from South Park, a popular cartoon series. Once opened, the virus takes sensitive system information, such as user passwords, and posts it on multiple IRC channels.
Fortunately, PrettyPark seems contained inside France because its mechanism for e-mail-based self-perpetuation isn't very good, Schrader said.
"But this is sure a sign of things to come," he warned. "And it's starting to really hit home for security professionals." According to Schrader, information technology shops have long relied on encryption and firewalls to protect highly sensitive information. But if someone gets your passwords and seems to be coming from a trusted source, encryption and firewalls can be thwarted, he said.
Schrader said the best defense against Trojan Horse e-mail viruses is end-user education -- and, of course, updated virus-scanning software. Companies should also consider developing broad policies related to e-mail attachments. For instance, companies might consider banning attachments containing macros.
"Everyone needs to think before opening attachments," advised Richard Jacobs, president of Sophos Inc., a data security company in Woburn, Mass. "Viruses can't exist in the text of an e-mail, so they don't get the chance to operate unless they're launched."