New Trojan beats firewalls

News

New Trojan beats firewalls

Eric Doyle
A malevolent program capable of using a browser to transmit and receive data secretly across a firewall was demonstrated at the DefCon security conference in the US earlier this month.

South African security firm SensePost showed that a program, dubbed Setiri, uses a feature of Microsoft's Internet Explorer to allow hackers to take control of a system without triggering the firewall defences or alerting the user.

After the Setiri Trojan horse is planted on a system, it will launch an "invisible" window. Such windows are used legitimately to execute useful background tasks or specialised Java applets when browsing the Internet.

The contents of the invisible windows do not concern users and may confuse them so Microsoft included the invisibility feature to keep them hidden.

To the system the Setiri window looks like a legitimate browser window launched by the user and allows it to connect to the hacker's computer over the Internet.

Once connected through the browser, the hacker can plant applications to allow activities such as recording key strokes on the host machine or can access and download files.

Security experts attending DefCon in Las Vegas said the demonstration of Setiri has confirmed their fears that the next step in hacking technology will bypass firewall detection.

Although this could be a serious new threat to businesses, Gunther Ollmann, manager of X-Force security assessment services for Internet Security Systems, said Setiri can be overcome as long as companies keep their localised anti-virus software up to date and do not rely solely on firewall protection.

"Anti-intrusion software should allow systems managers to detect unwelcome activity," he said.

"Pop-up stoppers, designed to prevent additional pop-up windows [including invisible windows] from being launched by an existing window could also be used."

Microsoft said it is assessing the risk but has not yet offered users any advice on the subject.

Unix systems left vulnerable by security hole
A security hole has been reported in Sun Microsystem's XDR (External Data Representation) Library which could render Unix operating systems and the Massachusetts Institute of Technology's Kerberos authentication software vulnerable to attack.

The buffer overflow problem could allow hackers to run arbitrary code on affected systems or cause denial of service problems, according to Internet security organisation Cert.

The vulnerable systems so far reported are:

  • Sun Solaris

  • IBM AIX

  • Apple Macintosh OS X

  • Debian Linux.


Cert advised users of these systems to contact their suppliers for patches and fixes.

XDR provides platform-independent methods for sending data from one system process to another over a network connection.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy