
Posted 2009-06-15 18:00 by Nate
The Trojan Horse style of virus is probably the most widespread of all of the current attacks, and as such, is also one of the hardest to avoid. Trojan Horse viruses hide themselves inside of wanted applications, such as audio and video decoders, pirated applications, and sometimes even legitimate application installers. They are widely distributed through peer-to-peer networks like Limewire and can also be found in Usenet forums. Their payloads vary widely, and they target all common computers and even mobile devices. A Trojan Horse virus that arrived earlier this year, dubbed "iBotNet" by media sources, was considered the first successful threat to Mac OS X users, hiding itself in pirated copies of iLife and iWork, and we can only expect the iPhone to be a huge target in the months to come.
The most common infection sources I've come across are social networks like MySpace and Facebook. MySpace seems to be worse than Facebook; however, I don't actually have any numbers to prove that. The process starts with the hijacking of a user's account on one of these networks. This is done either with a phishing scam email, or with a keylogger that records their username and password. It can also be done with a brute-force attack on their password, where common phrases are attempted over and over again until access is gained, but most services have protection against that.
Once a user account has been compromised, a message is sent out to all of their friends, saying something like "Check out this video I shot!" This message will almost always be very vague and will not specify what type of content is in the video. Usually, a friend would say something like "Here's a video of my wedding," but these attacks rely on ambiguity to mask their identity, so watch out for anything that doesn't have a personal touch. There's also another way to spot these: checking the URL that the message is asking you to click. Like with phishing attacks, you will often see a domain name like www.upload.youtube.ags.co.kr instead of www.youtube.com. Remember, domain names work from right to left, so if the host name in a URL is youtube.com or ends in .youtube.com, it's safe, but not youtube.com.afs.co.cn or something similar. Another very popular ploy involves adult content, so as always, take extra care when browsing for those types of sites, and always stick to well-known providers.
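The right-to-left check described above, as an added example that is not part of the original post. It goes a little beyond the text by also handling a `user@` prefix, mixed case, and a trailing dot; the function names and every sample link other than the two lookalike hosts quoted above are constructed for illustration.

```python
from urllib.parse import urlsplit


def host_labels(url):
    """Return the URL's host as a list of lowercase labels, rightmost first."""
    # .hostname drops the scheme, any "user@" prefix, the port and the path.
    host = urlsplit(url).hostname
    if not host:
        return []
    return host.lower().rstrip(".").split(".")[::-1]


def belongs_to(url, expected_domain):
    """True if the URL's host is expected_domain or a subdomain of it.

    Whole labels are compared from right to left, so neither
    "youtube.com.afs.co.cn" nor "notyoutube.com" matches "youtube.com".
    """
    want = expected_domain.lower().rstrip(".").split(".")[::-1]
    have = host_labels(url)
    return len(have) >= len(want) and have[:len(want)] == want


# Constructed sample links. The two lookalike hosts come from the text above;
# the others are made up to show edge cases.
SAMPLES = [
    "http://www.youtube.com/watch?v=abc",         # real site
    "http://www.upload.youtube.ags.co.kr/video",  # "youtube" is only a subdomain label
    "http://youtube.com.afs.co.cn/watch",         # real name used as a prefix
    "http://notyoutube.com/watch",                # ends in the string, not the label
    "http://www.youtube.com@example.test/watch",  # real name placed before "@"
    "http://WWW.YouTube.COM./watch",              # case and trailing dot
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "matches" if belongs_to(link, "youtube.com") else "DOES NOT match"
        print(f"{verdict:15} youtube.com: {link}")
```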
Once you arrive at the webpage hosting the virus, you'll get a familiar request to install an add-on to view media on that page. It will usually call itself something like "Adobe Flash," and installing it may even show the video, but this is where the virus comes in. Again, there are things to look out for here, like a digital signature on the add-on. Also, while not as big of a deal as it used to be, using an alternate browser like Mozilla's Firefox or Google's Chrome can save you a lot of hassle, as most of these attacks use IE's ActiveX system. There are some out for Firefox now too though, and surely Apple's Safari won't be far behind once it starts picking up market share.
Besides these audio and video codecs, there are a couple of other things to look out for when we're talking Trojans. Another very common place to find them is BitTorrent downloads. While I in no way advocate software piracy, it does happen, and if you are one to steal applications, you should know that there is a large volume of Trojan-infected software available. Most of these will get picked up by a good antivirus program, but the newest threats can still slip under the radar. To be safe, always download application installers from the software developer's website, if possible.
Another easy way to pick up a Trojan is an old favorite: screensavers. It was once said that the quickest way to pick up a virus was to search the web for "free screensavers" and install the first thing you find. I'd say that the screensaver market may be a little dry, but chances are if it has "free" in the name, you could be asking for trouble. There are notable exceptions, like AVG Free (which is awesome antivirus software), so be sure to research applications before installing. This goes double for Mac OS users, who have in the past installed anything they find with the confidence that Mac OS X will protect them. I'd say that while documented Trojans for Macs are a little sparse, they're getting more popular, and now is the time to get safe.
That about does it for Trojan Horses, and hopefully this has been an informative read for everyone. Next week we'll look at Adware and Spyware. Stay safe!

