A Website Dedicated to Computer Professional...and some not so Professional

Zombie Computers on the Attack
Douglas Chick


The Xombe (Zombie) Trojan begins by tricking its victim into visiting a fake Microsoft website for a security update and then embeds itself in the unsuspecting computer like a tick. Xombe is a Trojan because it doesn't possess the ability to invade a computer system like a worm would; the program lures its host literally into a false sense of security. The executable program is attached to the e-mail, is cleverly titled "Windows XP Service Pack 1 (Express) - Critical Update" and is sent from windowsupdate@microsoft.com. When run, the Trojan downloader connects to the Internet, then downloads and activates another Trojan on the victim's computer.
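The lure described above has three checkable traits: a From address borrowing microsoft.com, update-themed wording and an executable attachment. The Python sketch below is an added example, not code from the original article, that scores a raw message on those traits. The sample messages, the `update.exe` filename, the `mailer.example` envelope domain and the use of the quoted title as the Subject line are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # run on double-click
LURE_WORDS = ("critical update", "service pack", "security update")
VENDOR_DOMAINS = {"microsoft.com"}  # name the lure in the article borrows

def domain_of(value):
    """Lowercased domain of the first address in a header value ('' if none)."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the list of reasons a raw message matches the fake-update lure."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    claimed, envelope = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    executables = [n for p in msg.walk()
                   if (n := p.get_filename() or "").lower().endswith(EXEC_EXTS)]
    reasons = []
    if executables:
        reasons.append("executable attachment: " + ", ".join(executables))
    if any(w in str(msg["Subject"] or "").lower() for w in LURE_WORDS):
        reasons.append("update-themed subject")
    if claimed in VENDOR_DOMAINS:
        # From is unauthenticated text; a differing envelope domain exposes it.
        if envelope and envelope != claimed:
            reasons.append(f"From claims {claimed}, envelope sender is {envelope}")
        if executables:
            reasons.append("vendor-branded mail carrying an executable")
    return reasons

def is_fake_update_lure(raw):
    """Quarantine rule: executable attachment plus at least one other trait."""
    reasons = triage(raw)
    return len(reasons) >= 2 and reasons[0].startswith("executable attachment")

def build_sample(sender, return_path, subject, filename=None):
    """Constructed test message; not captured Xombe traffic."""
    m = EmailMessage()
    m["From"], m["Return-Path"], m["Subject"] = sender, return_path, subject
    m.set_content("Please install the attached update.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

LURE = build_sample("windowsupdate@microsoft.com", "<bounce@mailer.example>",
                    "Windows XP Service Pack 1 (Express) - Critical Update", "update.exe")
BENIGN = build_sample("news@vendor.example", "<news@vendor.example>", "Monthly security update digest")
```

Return-Path is written by the receiving mail server from the envelope sender, so the domain comparison only works on messages examined after delivery.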

A sophisticated computer user would never fall for such a blatant trick, but programs like this aren't aimed at the sophisticated computer user. With this and other electronic parasites the question always arises, why do people create such programs and what do they expect to gain?

Viruses and intrusion programs do one of three things: they annoy, destroy, or misappropriate data from their victims' computers. There don't seem to be a lot of programs out there intended to destroy computers. Despite what you see in the movies, there are not that many evil geniuses. Most acts of destruction are carried out in a very low-tech manner. As for programs designed to annoy, most intelligent people are very annoying and many suffer from high levels of low self-esteem. This combination unfortunately accounts for some of the more popular viruses and Trojans that you might read about. The third type of Trojan may be one or several hundred that no one ever hears about; this is the Trojan program that is designed to harvest data.

Harvesting the Internet for Data

Many Americans don't know just how lucky they are to live in a country with such abundant resources as we have in the U.S. What may easily be overlooked as everyday items here can be a generation or more away for people in other countries. The old adage that knowledge is power may very well be the driving force behind many computer viruses.

Data is turned into knowledge and knowledge into power. The faster a Trojan or virus can propagate, the more data can be collected and the more money can be made as a result. I have no doubt that the data stored in your computer's cookies can be turned into big money. Word documents from a million computers might hold the next 100 novels. Spreadsheets of your monthly bills can be a marketing company statistic. Work that employees innocently take home can cost their company millions if lifted from an unsecured computer. Identities, credit card numbers, bank account numbers, social security numbers... like the commercial says, "What's in your wallet?" Probably the same thing that's in your computer cache.

If you're going to participate on the information highway, you must take steps to ensure that it's not your information being highwayed. (I realize that isn't a word.) It's enough to tell a computer person that he or she needs a firewall or NAT, virus protection, and a daily check for security patches, but most people aren't very computer savvy. It's enough for most of these people just to barely manage basic computer operations. If software companies cannot protect their software against attacks, then the normal computer user will become discouraged and frustrated and may ultimately give up the Internet, and that loss of funds may result in no Internet for the rest of us.

Douglas Chick
www.thenetworkadministrator.com

Xombe Trojan Details

The website used by the Trojan program, gamemanics.org, has been disabled, so the Xombe Trojan can no longer be active.

When the Trojan was first intercepted, the website instructed clients to download a DLL file:

http_f.dll

http_f.dll is an HTTP client which is apparently used to perform a Distributed Denial-of-Service attack on a website that hosts forums.

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssvc]
