Lies. All lies.
"The Trojan definitely downloads malicious code and installs it on the system," confirmed Dunham. By his analysis, Trojan.Xombe downloads a back-door IRC Trojan horse to the compromised machine. Once that's installed, attackers can access the PC undetected, add other code to the computer -- such as key trackers for acquiring passwords -- and use the machine to launch DoS attacks on other machines.
Trojan.Xombe, and socially engineered attacks like it -- including phishing expeditions such as the MiMail worm, another exploit that pretends to be something it isn't in the hope that people will open the file attachment -- are the confirmation security professionals were looking for that 2004 will be a rough, rocky year.
"Attackers use the social engineering trends of the moment," said Vincent Weaver, senior director of Symantec's security response center. Touting a security update is only natural for hackers, he added, what with the increased awareness of many computer users of ongoing security issues with Windows.
Trojan.Xombe is also a good example of another trend first spotted in 2003, but certain to continue this year, said Dunham.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
