Internet Insider with David Radin
June 10, 2000
Don't Believe the Hype?
Because of the media reports concerning the Serbian Badman Trojan, we spent some time yesterday speaking to Patrick Martin, Director of Product Management from Symantec.

According to Patrick, this is a two-step infection. The initial component of the infection is an executable file available for download from an adult newsgroup and representing itself as a movie file. Upon download and execution, the program, similar to various other downloader viruses that have already been defined, appears to do nothing, as if the file were corrupted. However, this is not the case.

Upon execution, this file actually contacts a web site to download another file, a trojan similar to the Backdoor SubSeven infection. This trojan, like other backdoor viruses, opens a security breach in the victim's computer system, giving the controller or monitor of the virus access to the victim's system via the Internet. This trojan has been removed from the web site, so it can no longer be downloaded.

Initial speculation indicates that the intention of this particular infection is to enable the trojan's controller to use the infected systems as "zombie" systems to initiate Denial of Service attacks. All current information indicates, however, that while there is (or was) a potential for outbreak, the danger initially ascribed to this infection has not been confirmed.

Users of DSL, cable, or leased-line Internet connections are considered to be more vulnerable to the type of attack associated with infection by backdoor viruses. These connections are not more vulnerable to the download, but may be easier prey once the virus has taken hold, simply because these users are more likely to have connections that remain "on" all the time, and more often have static IP addresses.

Patrick suggested that the use of some type of firewall software is excellent protection against this and other types of attacks. Firewalls can detect and prevent activity such as this.

Patrick advised that Symantec and other anti-virus companies are currently monitoring this infection. Definition files for this particular trojan are in development. There is currently no cause for alarm, as the Serbian Badman Trojan seems to be causing more hype than hurt.

For information on this and other types of backdoor viruses, you can visit the Symantec Anti-Virus Research Center Virus Encyclopedia and search for "backdoor."