'Offensive' trojan can disable systems

A new script that can severely limit user access to infected systems is spreading slowly worldwide, antivirus companies said Friday.

The program, a Trojan horse called either Trojan.JS.Offensive or Trojan.Offensive, can make Windows desktop icons invisible, can prevent users from starting programs or shutting down Windows and even persists when a machine is being used in safe mode, according to information posted on Symantec's antivirus Web site. Luckily for users, Symantec doesn't see wide distribution of the worm yet.

Trojan.Offensive arrives in users' e-mail in-boxes as an HTML e-mail, though it could also be a Web page found on the Internet, if someone posted it there, Symantec said. The Trojan, written in Javascript, presents a button that reads "Start" which, when clicked, activates the script. A variant of the Trojan activates when the file is opened and lacks the "Start" button. When the Trojan is executed, it proceeds to make a series of system-level changes to the configuration of the infected PC, greatly limiting user access to the system.

The Trojan exploits a ten-month-old security hole in Microsoft Corp.'s Java Virtual Machine, said Craig Schmugar, a virus researcher with McAfee's AVERT Labs. Systems which have had the patch Microsoft released applied are not vulnerable, he said.

The combination of an attack tool, called an exploit, and a Trojan is likely to become more common, as will the combination of exploits and worms, of which Code Red was an example, Schmugar said.

"I suspect we will see a lot more use of vulnerabilties (in worms, viruses and Trojans)," he said. In fact, a Web exploiting this same vulnerability and using the same technique, but not using Trojan.Offensive itself, was discovered by AVERT last week, he said. The site has since been taken offline, he said.

Trojan.Offensive is not yet widespread and isn't likely to be, Schmugar said. Unlike a worm, which will often use an e-mail application to resend itself to other potential victims, Trojan.Offensive isn't likely to be able to spread itself because it locks systems up so extensively, he said.

If a PC is infected by Trojan.Offensive, typical users should contact technical support staff immediately, Symantec said. A reinstallation of Windows, a deletion of the Trojan using DOS, or changing the system settings back by hand are ways to remove the infection, Symantec said.

"The average end user is going to have a heck of a time getting around these problems," AVERT's Schmugar agreed.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sam Costello

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?