The weekend's trojan horse attack on Microsoft was a tiny part of a huge epidemic in lax network security, says
IT security exec Anna Johnson.
AUSTRALIA (ZDNet Australia) - In fact, says the director of Melbourne
security consultancy Shake Communications, the software giant was relatively lucky the trojan only resided on its
servers for a reported six weeks before being discovered.
Companies that have less sophisticated security mechanisms in place often house similar worms indefinitely on
their networks, without ever detecting them, she said.
"Microsoft just happened to find out about it."
A trojan horse program is a malicious program disguised as a common application - such as a joke, a game, or
an applet - that infiltrates a computer system or network via e-mail. Microsoft became the latest high-profile
victim of a trojan attack last week, when it discovered a hacker had used the "QAZ" trojan to view confidential
Johnson said six weeks inside Microsoft's servers would be ample time for any good hacker to find and view the
data they wanted.
"That's a long time to get a lot of stuff," she said. Johnson believes most hackers can hit their
bull's eye within minutes.
Investigations in the US are still under way, so the software company says it is not yet able to disclose details
on what data was compromised by the attack. However, a Microsoft spokesperson told ZDNet it was possible the hacker
was able to view source code related to some future company product initiatives. No source code was tampered with
in any way, they said.
Reports say the hacker used the trojan to view key blueprints and source code related to Microsoft's widely
publicised .Net initiative.
Johnson used the Microsoft attack as a warning for companies to ensure their security systems are installed
correctly and updated on a daily basis.
She said anti-virus software, firewalls and other software security systems were "useless" on their own as protection
against attacks - trojan or otherwise.
She said companies that set up firewalls without an adequate level of expertise risked leaving "ports"
open to hackers, even once the firewall was activated. Ports are the channels of communication - used by services
such as e-mail, file transfer, or Web browsing - through which an IT system connects to a network.
"If you leave a port open, then a firewall is as useless as having your back door open," Johnson said.
"A lot of companies don't know how to configure their firewalls correctly."
"You can't just buy a product and think you've got it covered."