New Trojans Rewriting Hosts File to Stop Windows and Anti-Virus Updates

June 13, 2005
June 13, 2005 - (HOSTSEARCH.COM) - First there was DNS cache poisoning, and now Trojans have surfaced with a new attack strategy identified as “update poisoning.” By adding entries directly into the hosts file, this spyware breaks through firewalls and other anti-virus protection and poisons update functions by pointing notable DNS (domain name service) names back to other inappropriate IP addresses, according to IT professionals. Any type of desktop application that uses regular updates is at risk, including Windows. States Tom Pimienta, Director of Technology at LogiGuard: “I always feared such re-direction might be possible...next thing you know you're downloading what you think are Windows updates but they're not because the website you are downloading from is bogus!” This redirection of updates could wreak havoc on your computer.

This new threat adds yet another harmful application of spyware to the myriad of processes which are used to trick and even defraud innocent users. Update poisoning quietly spawns more spyware that slows and eventually controls your computer. The potential damage that could be caused by this threat is immeasurable because updates are such an important part of PC maintenance. And once contaminated, these infected updates could easily cause multiple headaches which, though not entirely malicious, are still annoying.

Even with firewalls and antivirus programs in place, don't be too confident about the security of your system. Spyware like this could easily slip through the cracks and get “under the rug.” One way to help you uncover this threat in your system is to employ the netstat command, which is a common, built-in tool used by system administrators to aid in intrusion detection. Using this tool may help you to detect ports which appear closed but remain open and vulnerable. Checking the entries in your hosts file will assist you in determining where the current activity is happening. Engaging several anti-spyware products, such as Microsoft Anti-Spyware, SpyPry by LogiGuard, and Spybot Search and Destroy, to capture and remove spyware could be beneficial to maintaining the security of your PC. Reformatting your system once a year or so is not a bad idea, either. It flushes out a lot of minor problems and forces you to update all your programs directly from the known source.
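
One way to check a hosts file for the kind of entries described above, as an added example that is not part of the original article. The function name audit_hosts, the watch list of update domains (av-vendor.example is a placeholder) and the sample file are assumptions made for illustration.

```python
import ipaddress

# Assumed watch list (not from the article): domains whose updates matter.
WATCHED = ("windowsupdate.com", "update.microsoft.com", "av-vendor.example")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, effect) for each hosts-file override of a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # strip comments, tokenize
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an address
        # Loopback/unspecified targets silently block updates; anything
        # else sends the updater to a server the user did not choose.
        effect = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        for name in entry[1:]:
            host = name.lower().rstrip(".")     # names are case-insensitive
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, str(ip), host, effect))
    return findings

# Constructed sample hosts file; addresses are documentation ranges.
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      intranet.corp.example
0.0.0.0         WindowsUpdate.com www.windowsupdate.com   # added silently
203.0.113.66    download.update.microsoft.com.
198.51.100.7    notwindowsupdate.com
127.0.0.1       liveupdate.av-vendor.example
"""

if __name__ == "__main__":
    for line_no, ip, host, effect in audit_hosts(SAMPLE):
        print(f"line {line_no}: {host} -> {ip} ({effect})")
```

A default hosts file carries no entries for update servers, so any finding deserves a look, whether the name is blocked or redirected.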

This sleeper threat needs more in-depth research. Several companies, including LogiGuard, have shown an interest in the further development of a solution to this problem. Whether the application will be server-based or system-based or a combination of the two remains in question. The bottom line: update poisoning is a problem which needs to be solved. This spyware is internal and creates a vicious cycle of downloading that may create a slew of other problems besides bogus updates.


