Security Basics mailing list archives
Re: Proxy+ Trojan
From: "KoRe MeLtDoWn" <koremeltdown () hotmail com>
Date: Mon, 03 Feb 2003 23:47:48 +0000
The simple answer is find out how it was put on there, and block off that avenue. Then do a security audit on that machine... that might go a long way to protecting you from this in the future. Though this all depends on whether the proxy was installed by a remote or local user.
More info please...

Regards,
Hamish Stanaway
-= KoRe WoRkS =- Internet Security
Owner/Operator
Auckland, New Zealand
http://www.koreworks.com/
Is your box REALLY secure?
From: "Bill" <proftpd () anatek com>
To: <security-basics () securityfocus com>
Subject: Proxy+ Trojan
Date: Sat, 1 Feb 2003 00:33:48 -0600

Someone installed Proxy+ on one of our servers (Win2K/IIS5) and left it open on a high port for spammers. I've shut it down, but how do I prevent them from doing this again?