
List:       full-disclosure
Subject:    [Full-Disclosure] Jefferson-Is this a known problem? Trojans?
From:       "Francis, Justin" <francij () hastings-ent ! com>
Date:       2003-12-30 21:00:19
Message-ID: E372C831BC095A4993B3C3C6D0B7DA1204AF735A () ntsrv3 ! hasting ! com

I haven't heard of this message before, however, many messages such as these have header info generated ("brand spoofing"), which thus varies the sender/subject lines from message to message.

The first thing I would do when my system boots back up is check Task Manager for currently running processes on the system.  Anything peculiar should be checked out.  You should also perform a port-scan, if you have the tools, to make sure there haven't been any ports opened up that are running an unwanted service.

There are tools, such as Ad-aware that can be used to scan for malware on your Windows system (www.ad-aware.com).  Symantec and others are helpful, but only for known viruses.

Of course, the best cure is to not open emails from unexpected sources, but if you must, at least open them in "text only", as this may reduce the risk involved, especially if this becomes an ongoing problem.

If a re-install is needed, just be sure to start the firewall before attaching it to a network and make note of all the processes that run by default, so you will always know exactly what should be running on your system. One thing they teach you in SANS courses is that if you don't know what's running on your system and what your network and CPU load is on an average day . . . how will you ever know if your system's been breached.

--
jfshadow


> Message: 1
> Date: Mon, 29 Dec 2003 09:39:58 -0800 (PST)
> From: Montana Tenor <montanatenor@yahoo.com>
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Jefferson-Is this a known problem? Trojans?
> 
> Hello Everyone,
> 
> A friend of mine was opening an email in front of me
> when her XP machine crashed.  I thought maybe it was a
> power spike or something so she powered up and went
> back to the email, clicked to view the message from
> hotmail.com, the machine powered off again.  She
> erased the message before I could forward it to an
> offsite machine, but the details as I remember them
> were:
> 
> Sender=Jefferson (she knows a Jefferson)
> Subject=(blank)
> Open the message and immediately powers off the
> machine.
> 
> My question to you is, now that her machine is
> possibly compromised, what tools can I use to check
> for trojans or other things that could have been
> installed.  I've run her Symantec System Scanning
> tool, and it shows no known problems.  Has anyone
> heard of this specific message, and is it simply
> designed to be annoying or does it install malware on
> the machine?  I know this information is vague, any
> advice is welcome.
> 
> Kindest Regards,
> Matt
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
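The baseline-then-compare routine Justin recommends above (note what runs and listens on the clean host before it joins the network, then check later for anything new) as an added PowerShell example; it is not code from the original thread. It assumes Windows PowerShell 5.1 or later with the NetTCPIP module (Get-NetTCPConnection), and the baseline file path is whatever you pass in.

```powershell
# Added example, not from the thread: record what runs and listens on a
# freshly built Windows host, then compare later and report only what is new.
# Assumptions: Windows PowerShell 5.1+ with Get-NetTCPConnection available;
# the baseline path is a placeholder you choose.

function Get-HostSnapshot {
    # Unique process names plus listening TCP ports tagged with their owning process.
    $procs = @(Get-Process | Select-Object -ExpandProperty ProcessName | Sort-Object -Unique)
    $ports = @(Get-NetTCPConnection -State Listen | ForEach-Object {
        $owner = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        "{0}/{1}" -f $_.LocalPort, $(if ($owner) { $owner.ProcessName } else { 'unknown' })
    } | Sort-Object -Unique)
    [PSCustomObject]@{
        Taken     = (Get-Date).ToString('o')
        Processes = $procs
        Ports     = $ports
    }
}

function Save-Baseline {
    param([Parameter(Mandatory)][string]$Path)
    # Take the baseline on the clean, firewalled host before it is attached to the network.
    Get-HostSnapshot | ConvertTo-Json -Depth 3 | Set-Content -Path $Path -Encoding UTF8
}

function Compare-ToBaseline {
    param([Parameter(Mandatory)][string]$Path)
    $base = Get-Content -Path $Path -Raw | ConvertFrom-Json
    $now  = Get-HostSnapshot
    # SideIndicator '=>' marks items present now but absent from the baseline.
    $newProcs = @(Compare-Object -ReferenceObject @($base.Processes) -DifferenceObject $now.Processes |
        Where-Object SideIndicator -eq '=>' | Select-Object -ExpandProperty InputObject)
    $newPorts = @(Compare-Object -ReferenceObject @($base.Ports) -DifferenceObject $now.Ports |
        Where-Object SideIndicator -eq '=>' | Select-Object -ExpandProperty InputObject)
    [PSCustomObject]@{
        BaselineTaken = $base.Taken
        NewProcesses  = $newProcs
        NewListeners  = $newPorts
    }
}

# Usage: Save-Baseline -Path C:\baseline.json       (once, on the clean host)
#        Compare-ToBaseline -Path C:\baseline.json | Format-List
```

Anything listed under NewProcesses or NewListeners is what the author means by "anything peculiar": it is not proof of compromise, but each entry should be identified before the host is trusted.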

