How Will Your Network Be Compromised?

Written by Darren Miller


You may reprint or publish this article free of charge as long as the bylines are included.

Original URL (The Web version of the article)
---------------------------------------------
http://www.defendingthenet.com/NewsLetters/HowWillYourNetworkBeCompromised.htm

Title
-----
How Will Your Network Be Compromised?

Complex Hacking - Computer Compromise
------------------------------------------------------
Every time I attend a "Security Guru's" meeting, I'm amazed by how much time and effort is spent on discussing complex hacking and computer compromise of computer networks and systems.

One person is going on about the latest "heap corruption" vulnerability and another is discussing man-in-the-middle techniques for compromising remote access systems. Most of these vulnerabilities are very difficult to successfully exploit. Some of them require specific host platforms, special tools, in-depth knowledge of many programming languages, and a lot of luck.

I'm not saying there are not tons of vulnerabilities and exploits like these, it's just that they are not always easy to take advantage of, and therefore, may not present themselves as high risk events for most organizations.

It's The Little Things That Will Get You Every Time
--------------------------
During security assessments, there are times when I am able to successfully exploit a "technical" vulnerability to gain system or internal network access. For instance, during a recent assessment, I identified a web application server that appeared to be vulnerable to an IIS / ASP vulnerability that would allow an attacker to dump all .ASP code on the server. After some effort and a little C/C++ code, I was able to take advantage of this exploit. After perusing through the .ASP code on the server, I was able to gain important information that resulted in the compromise of an internal system.

However, the reality is it is the simple things that are the biggest problem. Most times, internal network compromise is the result of one or more of the following:

The installation of a web support application that has little to no security features to begin with;

The installation of support software that has a well-known default password for the admin account. And, the person installing the software never bothers to change the password;

Improperly configured communications devices such as routers and switches;

Three-pronged Trojan attack threatens security on the Internet.

Written by MicroWorld Technologies Inc.


Two is company. Three is a crowd. If one is not enough, use two, if two is not enough, use three. This is the credo behind the co-ordinated Trojan threat looming on the horizon. If you thought you've seen everything there was to see of virus threats, think again. Experts are saying this is "unprecedented", and could be the next big one.

Glieder (Win32.Glieder.AK), Fantibag (Win32.Fantibag.A) and Mitglieder (Win32.Mitglieder.CT) are not names of a modern day version of The Three Musketeers. These are Trojans engineered for a hacker attack that will infect computers and open them for use in further attacks.

"Combating computer viruses is essentially a game of hide and seek," says Govind Rammurthy, CEO, MicroWorld Technologies, among the leading Security Solutions providers. "Hackers riding piggyback on viruses have only a short window of opportunity to maximize their gain before the viruses are detected, neutralized and logged into Virus Definition databases, 'vaccinating' the system against those strains.

"Without continuing system vulnerability caused by virus infection there is little they can do to further their malicious ends like stealing personal information, credit card details and other sensitive and vital data. To achieve their ends they need to keep the system vulnerability going for more time. This co-ordinated Trojan threat is an attempt to keep that 'backdoor' open, essentially buying time," he concludes.

Of the three, Glieder leads the initial charge. It sneaks past anti-virus protection to download and execute files from a long, hard-coded list of URLs and "plant" the infected machine with "hooks" for future use. On Windows 2000 and Windows XP machines, it attempts to stop and disable the Internet Connection Firewall and the Security Center service (introduced with Windows XP Service Pack 2). Then the Trojan accesses the URL list to download Fantibag. The way is now paved to launch the second stage of attack.

Sulabh, a tester with MicroWorld Technologies, says of Fantibag, "Now Fantibag goes about attacking the networking feature of the infected system to prevent it from communicating with anti-virus firms and denying access to the Microsoft Windows Update site. It closes your escape route by making it impossible to download an anti-virus solution and any subsequent Windows security patch to your system. Effectively it helps Mitglieder (the third stage Trojan) open the 'backdoor' by shutting the other doors on you."
