Knock out the new trinoo virus
Viruses are nothing new; they've been a serious problem for Windows users for many
years. But this February was marked by the appearance of a new virus that installs the
attack daemons, or zombies, used in distributed denial of service (DoS) attacks.
The new virus implements
four known distributed DoS zombies. trinoo listens
for commands from a master server, then sends floods of User Datagram Protocol (UDP)
packets at a victim. Receiving such floods of data from a single Windows system is not
too troublesome, but these attacks involve dozens or even hundreds of zombies.
The virus version of trinoo can be spread just by
opening email or email attachments, or by downloading and executing code from
questionable sources. Vendors were quick to respond with updates to their
virus-scanning signatures.
McAfee,
Trend Micro, and
Symantec all announced new
signatures within days of the discovery.
The earlier distributed DoS attacks used Linux and Unix systems as hosts. Since
there are so many Windows clients, and Windows is particularly vulnerable to viruses,
the exploitation of Windows machines by hackers in this way means that the potential
for more devastating attacks has emerged.
If you have antivirus software, make sure you download a recent update with the
latest virus signatures. If you don't use current antivirus software, consider getting
some. In the meantime, be on the lookout for unusual behavior, such as a sudden
increase in network activity, which could be caused by the daemon launching an attack.
If you see a sudden increase in traffic, disconnect your system from the network or
the Internet until you can find and remove the daemon. According to
the Razor group at Bindview
Development, which makes a utility called
Zombie Zapper,
the trinoo trojan calls itself
two steps: First, using a registry editor, edit the key service.exe. Then locate the file
on your hard drive and delete it as well (but not
» posted by abennett
ITworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
