Is a new Trojan horse at the firewall?
IT security professionals have found evidence that a stealthy new Trojan horse is infecting networks. Traffic apparently generated by the as-yet-unnamed malware was first reported in May by a security analyst for a Defense Department contractor, said Chris Hovis, director of product marketing for Lancope Inc. of Atlanta. Lancope announced Monday it had confirmed the behavior of suspicious packets on its own honeynet and on the network of a large university. The TCP SYN packets are characterized by a window size in the packet header of 55808. No infected machines have been found, but the Trojan horse apparently listens for packets with this value, which Hovis said are believed to contain encrypted instructions for communicating with controllers. “Based on the activity that we have seen, which looks like probes from zombie hosts, there are likely infected machines that are looking for that identifier,” Hovis said. Full Story