A new Trojan horse lurks at the gates

IT security professionals have found traces of a stealthy new Trojan horse that as yet has no name.

A security analyst for a Defense Department contractor detected it last month, said Chris Hovis, director of product marketing for Lancope Inc. of Atlanta. Lancope last week confirmed the behavior of suspicious TCP SYN packets on its own so-called honeynet and on a large university network.

The packets have a window size of 55808 in the header. The Trojan horse apparently listens for packets with this value, which Hovis said might contain encrypted instructions for communicating.

'Based on the activity we have seen, which looks like probes from zombie hosts, there are likely infected machines that are looking for that identifier,' Hovis said.

Signature-based antivirus software cannot detect the third-generation Trojan horse. Hovis said the FBI and the CERT Coordination Center at Carnegie Mellon University had been notified of it.

'There is nothing there that hasn't been seen before,' said Mary Lindner, CERT team leader for incident handling. 'Every one of these is an event, but the barometer is not rising.'

Hovis said no one yet knows how and how widely the Trojan horse is distributed or what its purpose is. At the current level of activity, he said, the suspicious packets could probe all IP addresses on the Internet every 27 hours.

Administrators can use tools such as TCPdump, which monitors and filters TCP activity, to learn whether their networks are sources of the telltale probing. They can also monitor for aberrant behavior, such as unusual traffic volumes or new ports and services being opened.
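The two facts the article gives defenders to work with are the telltale TCP window size of 55808 in SYN packets and the advice to check, with a capture tool such as tcpdump, whether hosts on your own network are emitting them. The following is an added example, not code from the article or from Lancope: a small parser that reads raw IPv4/TCP packets, keeps only pure SYN segments, flags those whose window field is 55808, and reports which local addresses (any prefix you supply) are sources of the probing. The packets it analyses are constructed inline for the demonstration; in practice you would feed it the payload bytes of a capture.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional, Set

# Window size the article reports as the identifier the Trojan horse listens for.
SUSPECT_WINDOW = 55808

TCP_FLAG_SYN = 0x02
TCP_FLAG_ACK = 0x10


@dataclass
class SynObservation:
    src: str
    dst: str
    sport: int
    dport: int
    window: int


def parse_ipv4_tcp_syn(packet: bytes) -> Optional[SynObservation]:
    """Parse a raw IPv4 packet; return an observation for pure SYN segments, else None."""
    if len(packet) < 20 or (packet[0] >> 4) != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 20:
        return None
    if packet[9] != 6:                        # protocol field: 6 = TCP
        return None
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    sport, dport, _seq, _ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", packet[ihl:ihl + 20]
    )
    flags = off_flags & 0x01FF
    # Only a SYN without ACK is a connection attempt; SYN/ACK replies are ignored.
    if not (flags & TCP_FLAG_SYN) or (flags & TCP_FLAG_ACK):
        return None
    return SynObservation(src, dst, sport, dport, window)


def flag_suspect_syns(packets: List[bytes]) -> List[SynObservation]:
    """Return every pure SYN whose window field equals the suspect value."""
    hits = []
    for pkt in packets:
        obs = parse_ipv4_tcp_syn(pkt)
        if obs is not None and obs.window == SUSPECT_WINDOW:
            hits.append(obs)
    return hits


def sources_of_probing(packets: List[bytes], local_prefix: str) -> Set[str]:
    """Addresses inside local_prefix that emitted suspect SYNs (i.e. our own likely-infected hosts)."""
    net = ipaddress.ip_network(local_prefix)
    return {h.src for h in flag_suspect_syns(packets) if ipaddress.ip_address(h.src) in net}


def build_packet(src: str, dst: str, sport: int, dport: int, window: int, flags: int) -> bytes:
    """Constructed sample packet (checksums left zero; sufficient for header parsing)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40, 0, 0, 64, 6, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, window, 0, 0)
    return ip_hdr + tcp_hdr


# Constructed traffic sample: two suspect SYNs (one from a local host, one from outside),
# one normal SYN, and one SYN/ACK that carries the value but is not a probe.
SAMPLE_PACKETS = [
    build_packet("10.0.0.5", "203.0.113.7", 1234, 80, SUSPECT_WINDOW, TCP_FLAG_SYN),
    build_packet("10.0.0.6", "203.0.113.8", 1235, 80, 65535, TCP_FLAG_SYN),
    build_packet("198.51.100.9", "10.0.0.5", 4000, 22, SUSPECT_WINDOW, TCP_FLAG_SYN),
    build_packet("10.0.0.5", "203.0.113.7", 1234, 80, SUSPECT_WINDOW, TCP_FLAG_SYN | TCP_FLAG_ACK),
]

if __name__ == "__main__":
    for hit in flag_suspect_syns(SAMPLE_PACKETS):
        print(f"suspect SYN {hit.src}:{hit.sport} -> {hit.dst}:{hit.dport} window={hit.window}")
    print("local sources of probing:", sources_of_probing(SAMPLE_PACKETS, "10.0.0.0/8"))
```

The SYN/ACK exclusion matters: a host replying to an inbound probe may echo nothing unusual, but a window value alone is not evidence of infection unless it appears on an outbound connection attempt, which is what the article's "sources of the telltale probing" refers to.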

About the Author

William Jackson is a Maryland-based freelance writer.
