Q

Are there effective tools that can determine if Storm and Nugache Trojans have been installed?

When trying to trace Trojans, antimalware tools are indispensible. But which tools are the best? In this security threats expert response, learn which tools are the best for determining if your system has been infiltrated.

The article titled Storm, Nugache lead dangerous new botnet barrage was disturbing. Are there effective tools that can determine if these Trojans have been installed?
The best tools we have available today are the antimalware tools that include antivirus and antispyware functionality. The antivirus vendors constantly release new signatures and heuristic functions that try to detect recent widespread bots. Microsoft has also released and constantly updates its open source Malicious Code Removal tool, which deletes some, but not all, of the most virulent bots. However, there is always an inherent lag between the time the bad guys release their latest variant and when the vendors update their tools to detect it. That lag time could range from a day to several weeks, depending on whether the given malware is widespread enough to get attention from the vendor.

While antimalware tools will do most of the heavy lifting on bot detection, technically sophisticated users and certainly system administrators can analyze their machines to try to look for anomalies. I've written several articles on how to do this, including this detailed one on how to find malware on your Windows box.

One of the most useful tools in our arsenal is the humble netstat command. When run at a Windows command line with the "--nao 1" option, it will show all TCP and UDP port activity on a machine, displaying the process ID number every second. Because bots need to communicate with their botnet controller or peer-to-peer network; this technique can be used to look for unexpected communicating sessions on machines to identify a bot.

More information:

This was first published in February 2008

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close