Re: XP PRO Hack Attack--How?



On Tue, 11 Dec 2007 11:49:18 -0500, RD wrote:

"anders" <andersajja@xxxxxxxxxxx> wrote in message
news:fjmaiq$baj$1@xxxxxxxxxxxxxxxxxxxx
On Tue, 11 Dec 2007 09:25:35 -0500, RD wrote:

snippet

A little more digging reveals that the software that was placed on the
machine was indeed an FTP server. The lsass.exe and svchost.exe were
renamed program files for Serv-U. Apparently, ZA doesn't check file
integrity in its automatic rule setup, just the filename? At any rate,
the Trojan (BDS/Iroffer.13b9.1 [BDS/Iroffer.13b9.1] according to
AntiVir) apparently sets up this server for others to use as a
repository to upload and download files from the Net. This is the most
clever thing I have ever seen, and I would really like to know if anyone
can explain in detail how it was deployed on my machine. I cannot
understand how it passed through ZA to begin with. The only thing I can
tie it to is my leaving the machine in the DMZ, and possibly a site for
an online Taipei game that a member of my family visited. The new
Windows Live Messenger might also be suspect as that whole program looks
like a security breach.

RD

http://www.learn-networking.com/security.php
Click on the link: "2. Common Backdoor Programs Hackers And Pranksters
Use"
There is little info on what kind of programs can be used to create
a backdoor to a PC.

It is normal to install some sort of FTP and later on use it for
up/downloading files. The backdoor makes it possible to install anything
necessary, including the phone-home function, so they don't have to care
whether there is a firewall or not.
The cracker is mostly not interested in what you have on the computer;
he/she is more interested in using your computer's capacity. Some are out
to create a machine that sends out spam (spam bot); others aim to use your
HD to hide illegal files (pornographic pictures of children) and so on.
It's normal to install some program that can, and will, try to find other
computers in the 'neighborhood', e.g., in your case the other two PCs on
your LAN. If you know what has been installed and been changed then you
can remove it and clean up the PC, but for you to be sure you can trust
that PC in the future, flatten and rebuild is the only thing to do.

Mr. Arnold has provided you with some links; they are probably informative
(I don't know, haven't checked them out).

/Anders
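
The point raised in the thread, that a rule keyed on the filename alone accepted renamed Serv-U files as lsass.exe and svchost.exe, can be turned into a check on path and version resource. This is an added example, not part of the original posts; the record layout, the default System32 path and the sample records (including the name `ftpd-example.exe`) are constructed assumptions.

```python
import ntpath

# The two system names mentioned in the thread.
PROTECTED = {"lsass.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: default install location


def check_process(image_path, original_name):
    """Return the reasons a process record looks like a masquerade.

    image_path    -- full path of the running executable
    original_name -- OriginalFilename from the version resource, or None
    """
    reasons = []
    # normpath collapses "..\" tricks and forward slashes before comparing.
    path = ntpath.normpath(image_path).lower()
    directory, name = ntpath.split(path)
    if name in PROTECTED and directory != SYSTEM_DIR:
        reasons.append("system name outside System32")
    if name in PROTECTED and not original_name:
        reasons.append("no version resource")
    elif original_name and original_name.lower() != name:
        reasons.append("renamed from " + original_name)
    return reasons


def scan(records):
    """Map each suspicious image path to its list of reasons."""
    findings = {}
    for path, original_name in records:
        reasons = check_process(path, original_name)
        if reasons:
            findings[path] = reasons
    return findings


# Constructed sample records (image path, OriginalFilename); not from the thread.
SAMPLE = [
    (r"C:\WINDOWS\system32\svchost.exe", "svchost.exe"),
    (r"C:\WINDOWS\system32\..\Temp\svchost.exe", "svchost.exe"),
    (r"C:\WINDOWS\system32\lsass.exe", "ftpd-example.exe"),
    (r"C:\Program Files\App\LSASS.EXE", None),
    (r"C:\Program Files\App\app.exe", "app.exe"),
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

Version-resource strings are set by whoever built the file, so a match is weak evidence; a hash or signature comparison against a known-good copy is the actual integrity check.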