Security Basics mailing list archives

Re: Lethic proxy


From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Mon, 15 Mar 2010 23:10:31 +0530

Hello Garfield,

Lethic is known to have varied generic names and doesn't have a common
behaviour pattern. However, the samples that were studied by
researchers gave a fair clue about this spambot.

One of the features of Lethic is that it injects itself into
Explorer.exe and creates a random-named mutex on the infected machine.
This can be verified using the tool 'Process Explorer' from the
'Sysinternals suite'.

More Info about Lethic:
http://www.m86security.com/trace/i/Lethic,spambot.1205~.asp
More Info about Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Hope this helps!

---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence India Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://www.iisecurity.in/courses/Training%20Calendar.html

On 11 March 2010 01:25, Garfield McBroom <gmcbroom () antrim ifsgroup com> wrote:

I've been asked to attempt to find a Lethic proxy on a network. The
existing antivirus software does not seem to have caught it. As there
are a number of PCs/servers etc., is there any easy way of detecting an
infected client (perhaps using nmap or another similar scanner)? Initial
investigations indicated that none of the computers are currently trying
to connect to SMTP.

rgds


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



