Trojans stampede across the web

High percentage of malicious sites contain Trojan horse downloaders

Websites concealing malicious Trojan code are increasing in number faster than ever before, a security firm has warned.

Websense Security Labs reported that a high percentage of malicious sites contain so-called Trojan horse downloaders, and banking Trojans designed to create backdoors through which personal data can be sent to hackers.

Downloaders are placed on a PC to download a banking Trojan which may contain key-logging software to record passwords.

Once installed the key-logging software is used to monitor the behaviour of a user in the hope of catching keystrokes when they enter a banking or e-commerce site.

When this occurs the software captures the details and sends them through HTTP or SMTP, sometimes even including encryption.

In a bid to entice users to visit these sites the web criminals typically use spam email or instant messages.

Websense warned that users should watch out for music-related dedication emails, greeting cards, IT security warnings and fake banking emails.

In the first two weeks of July Websense said it detected 100 malicious websites and 100 unique Trojan horses.

Mark Murtagh, technical director at Websense, said: "This problem is going to get worse. There are now clearly demonstrated links to organised crime in the UK, eastern Europe and Russia.

"They know that this is a lot easier than breaking into banks. One recent scam netted them £6m."

Websense has listed some common characteristics of Trojan horse downloaders:

• Commonly use free hosting services
• Commonly use email and social engineering (emails with believable messages relating to your normal activities or fears)
• Most often use entertainment or IT security related deception techniques
• Most commonly use URLs that are using .scr, .exe, .jpg.exe, .gif and .ex extensions

Websense advised companies to beef up their firewalls and for consumers to consider using some of the popular anti-spyware software such as Ad-Aware and the open source Spybot Search and Destroy.