This information is provided to you FYI/FTR. If you're reading this email then you are most likely connected to the Internet. Right? Right. How about a quick show of hands? How many of you are using an anti-virus program? Okay, okay so most of you. Now, how many of you are using a firewall program? Ah, where'd all the hands go? This article will present compelling evidence that you need a personal firewall program on your computer.

I conducted a week-long test on my home computer. The results were actually quite scary. I use Pacific Bell as my Internet Service Provider. I pay them about $50/month and they give me a DSL internet connection. DSL and Cable are the two rising (some might argue, established) superstars in the high-speed internet connection market. I'm flying on the internet. Web pages pop up faster than lightning. Downloads are almost instantaneous. I'd never want to go back to the sound of a screeching modem again....no offense to those of you who dial-in to the Internet.

While DSL and Cable are great, there is one tiny security issue. You're actually ON the internet. You're actually assigned your own address on the internet when you connect. This makes it pretty easy for no-good-doers to get to your computer.

This article is about something called Trojan Horses.
All of you know about the dangers of viruses because every other month it's the lead story on CNN....the love bug virus, code red and on and on and on. You know very well that you need to have an anti-virus software program on your computer and you need to update that program with the latest virus definitions. Norton Anti-Virus, McAfee VirusScan and Computer Associates Inoculan are some of the leading anti-virus products out there.

While viruses get all the publicity, Trojan Horses may pose the worst threat. Microsoft Corporation defines a Trojan Horse attack as "An attack carried out via software that purports to be useful and benign, but which actually performs some destructive purpose when run." Yeah right. Right? Actually, let me share the results of my experiment and you be the judge.

I recently installed a product called Norton Personal Firewall to see what this Trojan Horse fuss was all about. As soon as I installed it, up popped a message that it had indeed found a Trojan Horse on my computer. It identified the file and quarantined it. I later deleted it. Okay, freaky I thought. With some research I found that it was also referenced in the Windows Registry, the thing that exists behind Windows that computer geeks know not to mess with too much unless you really understand it. I found something in the Windows Registry that was forcing this program to run/initialize every time I turned on my computer!!! Yes, that was three exclamation points. What scares me even more was that I was unable to find any more information about that Trojan Horse through my normal research channels.

Okay, so I was thoroughly paranoid at this point. Not yet X-Files-government-conspiracy paranoid but getting there. I decided to carry on with my normal internet activities for a week and see what else Norton Personal Firewall would do for me. It turns out that after one week's worth of surfing....maybe 2 hours every evening....it detected AND BLOCKED a total of 6....count 'em six Trojan Horse attacks on my computer. *Expletive deleted*.

Here are the details:

Backdoor/SubSeven Trojan Horse April 26, 2002
3 times in one night (quite a persistent little devil)
-see below for details

Backdoor/SubSeven Trojan Horse April 21, 2002
-see below for details

Backdoor/SubSeven Trojan Horse April 19, 2002
-norton.com: Releases confidential info: Passwords and other confidential files
may be copied from your system. Compromises security settings: Allows other
intruders to have unauthorized access on your system.

NetBus Trojan Horse April 16, 2002
-www.resnet.albany.edu/news/netbus.html: NetBus is a remote exploit very similar to Back Orifice. It allows a hacker to take over control of your computer including reading and writing to your hard drive, sharing folders on the network, and making your computer vulnerable to other attackers. Unlike Back Orifice, NetBus affects Windows NT systems, as well as Win95/98 machines. No other operating systems are vulnerable to this attack.
-norton.com: Netbus.2.Trojan is the client application of the Netbus 2.0 hacker tool, which is used to gain access and control a system that is running the server-side application.

Quickly skimming over this report, you probably discovered that there were really only two different types of Trojan Horses trying to get into my computer. One of them, the one that goes by the name Backdoor/SubSeven Trojan Horse *Expletive Deleted again* tried a whopping 5 times to get in. I love the description from norton.com..."passwords and other confidential files may be copied from your system." Anyone use TurboTax this year to do your taxes? Hmmmm....yeah, I took that off right away and also moved my tax return files to zip disk. Was it too late? Ugh.

The hacking tools that are available are not that difficult to use. Netbus 2.0 (mentioned in the NetBus Trojan Horse writeup above) can be 'acquired' rather easily if you know where to look on the internet. It's no wonder all the virus creators they catch haven't even gone to their senior prom yet.

Well, Norton Personal Firewall is my hero. It showed me that I'm always under attack. Every time it blocked a Trojan Horse attack its icon would start blinking. Double-clicking the blinking icon would give me some information about the attack and attacker.

Please keep in mind that a few of my students have mentioned that they feel inconvenienced by their firewall software. Some programs are more intrusive than others. Some programs will block internet access by certain programs and undoing that requires a little bit of navigating and tinkering.

In the end, it's up to you. I give you my experiment as fairly convincing evidence that your computer may not be as safe as you thought. I should also mention that I've never had anyone approach me and say that their financial records were compromised and it was all traced to a Trojan Horse.....but that doesn't mean it hasn't happened. It's just that a lot of times these attacks are difficult to trace to actual people. Oh well, maybe after this newsletter I'll get replies from some victims out there.

Do your own research....but here are some leads if I've convinced you that you need a personal firewall program. These are three of the most popular:

Zone Alarm http://www.zonelabs.com/
Norton Personal Firewall http://www.symantec.com/sabu/nis/npf/
BlackIce Defender http://www.networkice.com/downloads/

Well, that about does it for this, the first edition of FYI/FTR. Hopefully, you've learned something. If anything, you know that there exists a less glamorous, potentially more harmful threat on the internet than viruses....Trojan Horses. May they ride into the sunset and never return....wishful thinking.

I thoroughly invite your comments, questions and feedback. I'm not saying I'll
respond but I will most likely incorporate some of your feedback into future
versions of "FYI/FTR".

To subscribe or unsubscribe, please email me at namuo32@hotmail.com.

Aloha,


Clyne G. H. Namu`o

(c) Copyright 2002 Clyne G. H. Namu`o

© 2002 Carolyn J. Doose, Clyne G. H. Namu`o, MCP, ACE, MOUS
| 858-204-2828 | namuo32@hotmail.com | cdoose@hotmail.com | PO Box 23626 San Diego, CA 92193