List: full-disclosure
Subject: [Full-Disclosure] Jefferson-Is this a known problem? Trojans?
From: "Francis, Justin" <francij () hastings-ent ! com>
Date: 2003-12-30 21:00:19
Message-ID: E372C831BC095A4993B3C3C6D0B7DA1204AF735A () ntsrv3 ! hasting ! com
I haven't heard of this message before, however, many messages such as these have header info
generated ("brand spoofing"), which thus varies the sender/subject lines from message to
message.

The first thing I would do when my system boots back up is check Task Manager for currently
running processes on the system. Anything peculiar should be checked out. You should also
perform a port-scan, if you have the tools, to make sure there haven't been any ports opened up
that are running an unwanted service.

There are tools, such as Ad-aware that can be used to scan for malware on your Windows system
(www.ad-aware.com). Symantec and others are helpful, but only for known viruses.

Of course, the best cure is to not open emails from unexpected sources, but if you must, at
least open them in "text only", as this may reduce the risk involved, especially if this
becomes an ongoing problem.

If a re-install is needed, just be sure to start the firewall before attaching it to a network
and make note of all the processes that run by default, so you will always know exactly what
should be running on your system. One thing they teach you in SANS courses is that if you don't
know what's running on your system and what your network and CPU load is on an average day
. . . how will you ever know if your system's been breached?
--
jfshadow
> Message: 1
> Date: Mon, 29 Dec 2003 09:39:58 -0800 (PST)
> From: Montana Tenor <montanatenor@yahoo.com>
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Jefferson-Is this a known problem? Trojans?
>
> Hello Everyone,
>
> A friend of mine was opening an email in front of me
> when her XP machine crashed. I thought maybe it was a
> power spike or something so she powered up and went
> back to the email, clicked to view the message from
> hotmail.com, the machine powered off again. She
> erased the message before I could forward it to an
> offsite machine, but the details as I remember them
> were:
>
> Sender=Jefferson (she knows a Jefferson)
> Subject=(blank)
> Open the message and immediately powers off the
> machine.
>
> My question to you is, now that her machine is
> possibly compromised, what tools can I use to check
> for trojans or other things that could have been
> installed. I've run her Symantec System Scanning
> tool, and it shows no known problems. Has anyone
> heard of this specific message, and is it simply
> designed to be annoying or does it install malware on
> the machine? I know this information is vague, any
> advice is welcome.
>
> Kindest Regards,
> Matt
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
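
The reply's advice to note what runs by default and compare against it later, as an added example that is not part of the original message or from either poster. It assumes the baseline and the later snapshot were saved from `tasklist /fo csv /nh` and `netstat -ano`; the sample output, PIDs, port 4321 and the name unknown.exe are constructed.

```python
import csv
import io

def parse_tasks(tasklist_csv):
    """Map PID -> lower-cased image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {r[1]: r[0].lower() for r in rows if len(r) >= 2}

def parse_listeners(netstat_text, tasks):
    """Return {(proto, port, image)} for listening TCP and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue                      # header or blank line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue                      # skip established/closing connections
        port = int(f[1].rsplit(":", 1)[1])
        pid = f[-1]                       # PIDs change per boot, so map to image name
        found.add((f[0], port, tasks.get(pid, "pid " + pid)))
    return found

def compare(base_tasks, base_netstat, cur_tasks, cur_netstat):
    """Return (new image names, new listeners) relative to the baseline."""
    bt, ct = parse_tasks(base_tasks), parse_tasks(cur_tasks)
    new_images = sorted(set(ct.values()) - set(bt.values()))
    new_listeners = sorted(parse_listeners(cur_netstat, ct)
                           - parse_listeners(base_netstat, bt))
    return new_images, new_listeners

# Constructed sample snapshots (not taken from any real machine).
BASE_TASKS = '"System","4","Console","0","216 K"\n"svchost.exe","884","Console","0","3,456 K"\n'
BASE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:445            *:*                                    4
"""
CUR_TASKS = BASE_TASKS.replace('"884"', '"912"') + '"unknown.exe","1508","Console","0","1,024 K"\n'
CUR_NETSTAT = BASE_NETSTAT.replace(" 884", " 912") + """\
  TCP    0.0.0.0:4321           0.0.0.0:0              LISTENING       1508
  TCP    192.168.0.5:1042       203.0.113.7:80         ESTABLISHED     912
"""

if __name__ == "__main__":
    images, listeners = compare(BASE_TASKS, BASE_NETSTAT, CUR_TASKS, CUR_NETSTAT)
    print("new processes:", images)
    print("new listeners:", listeners)
```

Anything reported is only a difference from the recorded baseline and still has to be checked by hand, as the reply says.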