Watch out: Trojans disguise computer viruses and worms

Named after the mythical Trojan horse, computer trojans contain malicious code, such as viruses or worms.

Gene Fisk of DZero had a tough start to his new year. In the first week of January, a good friend and physics colleague had passed away, and he'd spent several days contacting physicists about the funeral. So when he sat down in his office the morning of January 9th and found an e-mail greeting card in his inbox, he opened it. "Under normal circumstances, it's something I wouldn't have done," said Fisk. But when he did, instead of a sympathetic message, he found that the card wouldn't launch. Within moments, his server connection had disappeared.

The message was an e-mail phishing scam intended to compromise Fisk's computer. It downloaded a file, called a trojan, which installed an internet relay chat on Fisk's computer. This IRC allowed the attacker to remotely control the computer while blending in among its legitimate applications. "They hide in plain sight," said Joe Klemencic, security coordinator for the Computing Division. Groups of compromised computers running malicious code allow attackers to access and command all the computers at once, said Mark Leininger, CD's Security Manager. The capabilities of this kind of virus range from profiling and data mining to recording every keystroke.

In Fisk's case, the trojan was so sophisticated that the computer's security system did not detect it. The attackers know the security technology and find ways to exploit it, said Klemencic. "This machine was properly patched and running current antivirus software and was still compromised. Our users are our final line of defense," added Leininger. In addition to avoiding e-mails that have suspicious subjects or senders, the CD team advises employees not to read e-mails in html format, not to click on links in e-mails, and not to open unknown attachments.

Fisk's desktop was down for more than a week while CD ran security checks, removed the virus, reformatted his hard drive and reinstalled its software and files. Fortunately, the trojan did not spread to any other machines. And fortunately for Fisk, his files were backed up on a DZero server and he used a laptop to continue work. But the experience has driven home what he calls that "old admonition": don't trust your e-mail.

Fermilab users can scan their systems for vulnerabilities using CD's ScanMeNow or the new nessquik, available on Fermilab's security website.

The Stanford Daily
February 20, 2007

In a space of less than a meter, a team of physicists at the Stanford Linear Accelerator Center (SLAC) managed to accomplish something that normally requires the accelerator's entire three-kilometer length: They increased the energy of an electron by 40 billion volts.

This technological development might signal the beginning of the end for massive multi-billion-dollar "conventional" accelerator technology. Or it might not.

Using a new technology called plasma wakefield acceleration, scientists from SLAC, USC and UCLA managed to double the energy of an electron that emerged from the linear accelerator to a level that was close to the facility's maximum. Their findings were published in "Nature" on Feb. 15.

"We're trying to invent technology to build another [type of] particle accelerator," said SLAC physicist Mark Hogan, one of the "Nature" paper's co-authors.
Read More