Beware of the Trojans!

Beware of geeks bearing gifts -- thats the message from security vendor Symantec Corp. (Nasdaq: SYMC), which this morning released its latest Internet Security Threat Report (see Symantec Reports on Internet Security).

The report reveals that attackers are becoming increasingly devious in their attempts to get hold of your data and Trojan horses, in particular, are causing data center managers to reach for the Advil. And Benzodiazepines.

This is scary stuff. Trojan horses, like the wooden horse in Homer’s Odyssey, appear harmless enough but carry malicious code capable of causing mayhem throughout your systems.

More worryingly still, one IT manager that NDCF contacted says there are relatively few technologies on the market to protect against these types of attack.

”There are solutions out there, but there doesn’t seem to be a lot of them,” says Harry Schuessler, network manager at Woodbury, N.Y.-based Overseas Military Car Sales.Schuessler is certainly taking this threat seriously. “All the Trojan horses that we run into open up the back doors for spyware to get into the network,” he says.

So, how is he tackling the problem? “We’re looking at the Webroot, Inc. SpySweeper enterprise solution,” he explains. “We have deployed it on the servers at about half a dozen locations -- it is finding and blocking things and doing its job.”

Schuessler is also looking forward to seeing the anti-Trojan, anti-spyware, and anti-malware features in the new version of Symantec’s Norton anti-virus product. “We will deploy that too,” he adds.

But Trojan horses are just one of the many problems IT managers face. Threats against Web applications are also increasing, according to Symantec.

Symantec found that nearly 48 percent of all vulnerabilities in the last six months of 2004 centered on Web applications, up from 39 percent in the previous six-month period.Web applications are fast emerging as many organizations’ Achilles heel. Because Web applications are typically deployed across a number of servers, attackers can get around traditional perimeter security features such as firewalls.

A number of IT managers have already voiced concerns to NDCF about the issue of Web services, citing both performance and security issues (see Web Services Hit Glass Ceiling ).

Another security area identified as a problem by Symantec is phishing, which is a method for obtaining confidential information such as passwords, credit card numbers, and other financial information through fraudulent means.

Phishing was one of the major talking points at the recent RSA Conference in San Francisco. Some of the industry’s big names used the event to weigh in on the issue (see Chambers Sells Self-Defending Networks and Gates Opens Up on Security)

Despite vendors’ efforts to tackle this threat, there is a growing fear that terrorist groups could exploit phishing to fund their activities (see U.S.: Al Qaeda Eyeing Cyber Threats).— James Rogers, Site Editor, Next-Gen Data Center Forum