Information leakage through Trojans
According to the most optimistic estimates, one in every three computers is infected by some kind of malicious software/Trojan/virus, or whichever sensationalist name you prefer to put to these little naughty programs that control our computer with premeditation and deliberation. Actually, there are reasons to think that the real percentage is higher than one third, and that it affects equally all conceivable human profiles: clients, entrepreneurs, civil servants, home cinema users, internetized grandpas and grandmas, teenagers immersed in social networks, etc.
Of course, information leakage can be regarded as more or less critic depending on the nature of the stolen data, but the modus operandi is generally always the same: infection, information theft and unauthorized use of the computer, and finally the stolen information is sent to a remote site of dubious reputation.
The first step is infection. To do this, there are various options available; from classic attachments received in our e-mail inbox, USB drives given by a friend containing documents of photos of our last holidays, downloads from P2P networks, all the way to the most common and powerful infection vector, i.e. a visit to the web site of one of our providers, our children’s school, a friend’s blog or our travel agency.
Once infected, the Trojan has three main objectives, precisely the same as a parasite: first, to go as unnoticed as possible; then, to steal important information, and finally to use the host computer for all kinds of activities. In the case of home users, the most sought after data are access credentials to bank accounts, personal and corporate e-mail addresses, contacts (to attack them too), information from social networks – in order to send credible e-mails or impersonate the victim – or any other type of useful information.
Users in professional environments, in addition to share corporate and domestic data, have information that’s critical for the organization they work for: remote access credentials, documents with sensitive information, access to other resources… On top of it all, it is just a matter of time that one rotten apple ends up spoiling the whole basket. That is the way in which many of the existing Trojans work – especially those made in Asia; they take advantage of having one machine under control to compromise the whole network connected to it, using numerous techniques and tricks to infect shared documents, USB disks, Internet downloads, etc.
Once the data has been stolen, the only thing left to do is send it to the so-called C&C (Command & Control) panels, where data from thousands of computers is stored, so that the scammers can search for the information they need through data mining techniques. The most common method to stealthily send data is to use the web to interact with these C&C panels, making it look as if the users were browsing the legitimate website, when they actually are sending data to a remote server that gathers the commands to be executed.
One of the main problems in relation with information leakage is the little awareness among the public at large. Indeed, it is also known as the stealthy threat. In some occasions, inexperienced users can notice that their machines are being kidnapped, either because the operating system has stopped working properly or because anti-all-and-everything application warns them. In any case, there’s not much the user can do about it without specialized help.
If you realize that from time to time dialog boxes or strange error messages turn up on the screen, the operating system or your downloads are slower than usual, or your online banking application asks for more data than necessary, the most probable explanation is that your computer is now a techno-zoo, with all families and genres of animals sharing space with your chips and drives. The best option is to re-install the operating system from scratch.
What can we do to avoid being subjected to this? 100% security doesn’t exist, but with a good balance of common sense and good IT habits, we can stay protected against these threats.
Director S21sec e-crime