Trojans with a Twist

Trojans are a bad enough problem since they might allow remote access to a user's computer. One would think that having a firewall in place prevents a Trojan from opening backdoors in case of infection. But with Windows Firewall and the Win32.Surila.K Trojan that simply isn't always the case.

The reason is two-fold. The first reason is that while Windows Firewall is a decent effort on Microsoft's part to offer users a built-in firewall, many people consider the firewall to be only half a firewall. That is to say, it blocks inbound access unless certain inbound access has been specifically allowed by the user. But there is no way to control outbound access so all outbound access is allowed.

The second reason is that when Win32.Surila.K runs on a users system it modifies the Windows Firewall policies to allow inbound access to itself. The Trojan opens inbound access for Web and SMTP traffic, which means the system could be used as a robot in a spam operation, and who knows what else.

To make matters worse the Trojan also changes the hosts file, adding a long list of entries, so that the infected system cannot properly update its virus signature files.

You can read more about Win32.Surila.K at Kaspersky's Viruslist.com Web site.