Security Basics mailing list archives

re: any useful links on trojans/RAT's?

From: H C <keydet89 () yahoo com>
Date: Thu, 14 Nov 2002 06:00:14 -0800 (PST)

1-Anyone knows the best mailing lists or websites to
post some questions about trojans?


While I'm not sure what it is you're looking for, I
would still suggest that you start by setting up links
or bookmarks to several anti-virus vendor's sites. 
These usually provide pretty good information on
Trojans and other malware (worms, etc) to include
changes they make to systems.  In some cases, they
even go so far as to identify the (primary) infection
vector.

2-What is the trojan I am most likely to get into

our

systems?


It depends.  What systems are you talking about?  If
you're looking just at the public lists, you might
think that most folks w/ unpatched IIS systems are
getting DDoS agents and IRC bots.  But that's
admittedly a very closed and limited source of
information, and may not indicate an overall trend.

User workstations may be different, particularly
considering the kind of access you give them.  The
FriendGreet worm popped up on a system here yesterday.
 For the most part, Klez and the other worms have been
caught by the email A/V software...so the only real
issue I've seen (and this is specific to our
infrastructure) is ad- and spy-ware, and the
occaisional hoax.

Whats is the best protection?


I've written several articles on the subject...some
published by SF, others published in the Information
Security Bulletin (CHI Publishing).  The "best"
protection is relative.  In testing, some A/V tools
don't detect netcat.  Some of the IRC bots (powerbot,
GTBot, russiantopz bot) aren't detected by A/V, b/c
they are made up of two primary components that are
both, themselves, legitimate programs.  And we haven't
even started to discuss the use of NTFS alternate data
streams and other, more sophisticated methods of
infection, storage, and execution.

Your questions are pretty vague, to say the least. 
Some general answers can be given, but in order to
meet your specific needs, you need to either (a) do
the research yourself, or (b) work w/ someone and give
them the information they need...specific os's,
policies, infrastructure design, etc.

Carv



__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com

Current thread:

re: any useful links on trojans/RAT's? H C (Nov 14)
- <Possible follow-ups>
- Re: any useful links on trojans/RAT's? H C (Nov 15)
- Re: any useful links on trojans/RAT's? Stephen Entwisle (Nov 16)
- Re: any useful links on trojans/RAT's? KoRe MeLtDoWn (Nov 16)
- Re: any useful links on trojans/RAT's? Joris De Donder (Nov 17)
- Re: any useful links on trojans/RAT's? KoRe MeLtDoWn (Nov 18)
  - Re: any useful links on trojans/RAT's? H C (Nov 20)
- RE: any useful links on trojans/RAT's? Rajendra Singh (Nov 21)
- RE: any useful links on trojans/RAT's? Calhoun, Heath (Nov 22)