Problem solve Get help with specific problems with your technologies, process and projects.

Are there effective tools that can determine if Storm and Nugache Trojans have been installed?

When trying to trace Trojans, antimalware tools are indispensible. But which tools are the best? In this security threats expert response, learn which tools are the best for determining if your system has been infiltrated.

The article titled Storm, Nugache lead dangerous new botnet barrage was disturbing. Are there effective tools that can determine if these Trojans have been installed?
The best tools we have available today are the antimalware tools that include antivirus and antispyware functionality. The antivirus vendors constantly release new signatures and heuristic functions that try to detect recent widespread bots. Microsoft has also released and constantly updates its open source Malicious Code Removal tool, which deletes some, but not all, of the most virulent bots. However, there is always an inherent lag between the time the bad guys release their latest variant and when the vendors update their tools to detect it. That lag time could range from a day to several weeks, depending on whether the given malware is widespread enough to get attention from the vendor.

While antimalware tools will do most of the heavy lifting on bot detection, technically sophisticated users and certainly system administrators can analyze their machines to try to look for anomalies. I've written several articles on how to do this, including this detailed one on how to find malware on your Windows box.

One of the most useful tools in our arsenal is the humble netstat command. When run at a Windows command line with the "--nao 1" option, it will show all TCP and UDP port activity on a machine, displaying the process ID number every second. Because bots need to communicate with their botnet controller or peer-to-peer network; this technique can be used to look for unexpected communicating sessions on machines to identify a bot.

More information:

This was last published in February 2008

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.