Re: New Trojan
From: Damian Gerow (damian_at_sentex.net)
Date: 10/27/03
- Previous message: Mark DeFilippis: "Re: We have lots of users with SonicWalls for VPN connectivity in to FW-1, possible major security hole"
- In reply to: Jay Castaldo: "Re: New Trojan"
- Next in thread: Chris Fussell: "RE: New Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 27 Oct 2003 12:21:35 -0500 To: incidents@securityfocus.com
Thus spake Jay Castaldo (fupayme2003@hotmail.com) [27/10/03 12:19]:
> Thanks for all the help everybody, I have definately learned something new
> today about the good old Windows systems and NTFS.
(Something else you may want to learn is word-wrapping in your mail client.)
> I'm just very curious how it got on my computer to begin with, but on to
> the fix action. I was so mind boggled and bothered about this on my
> machine, I almost (keyword) reloaded my entire machine, but as somebody
> mentioned earlier about a rundll command and walla done. I can't
> believe it was that simple. The funny thing about it, no anti viral
> tools or anti trojan tools would work period just because I think as
> somebody already stated it was using an ADS which apparently is a great
> way to hide new trojans on any NTFS machine. This forum is by far a
> great tool to learn something new everyday and I definately have
> learned something. Thank you for all your input.
Be very, very careful -- if you don't know how it got on to your machine,
then you don't know what else could be on your machine.
And if you /do/ find out how it got on there, please let me know. That's
the one thing I haven't figured out yet.
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_incidents_031023
and use priority code SF4.
----------------------------------------------------------------------------
- Previous message: Mark DeFilippis: "Re: We have lots of users with SonicWalls for VPN connectivity in to FW-1, possible major security hole"
- In reply to: Jay Castaldo: "Re: New Trojan"
- Next in thread: Chris Fussell: "RE: New Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
