"Trojans are being integrated into almost every piece of malicious code," he said. More than anything, hackers today want to amass an army of compromised machines -- typically called zombies -- that they can then use for other purposes.
"A lot of people are worried about the next super worm," he said, "but that's not the real threat we'll see in 2004. The real threat is in Trojan horses. The goal of attackers is really about Trojans and remote control of other computers, for stealing passwords and targeted DoS attacks. It's not about fun and notoriety anymore. It's about money and power."
Security firms, including Symantec, Network Associates, and Sophos, have posted alerts on their Web sites warning users of Trojan.Xombe, but disagree on the severity of the problem. Symantec, for instance, currently ranks the Trojan as a level '2' threat in its 1 through 5 rating system, while Network Associates tags Xombe with a 'low' threat assessment.
The best defense against bogus e-mails carrying nasty payloads? "A lot of people see an e-mail and think that it's true," said Dunham. "But everything should be looked at with a degree of skepticism and concern, rather than trust."
Symantec's Weafer also reminded users that Microsoft never delivers security updates via e-mail, and urged people to scan suspicious messages for tell-tale signs of a scam, such as misspelled words and awkward syntax, both of which are evident in the message loaded with Trojan.Xombe.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
