Security Basics mailing list archives
Re: Lethic proxy
From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Mon, 15 Mar 2010 23:10:31 +0530
Hello Garfield,

Lethic is known to have varied generic names and doesn't have a common behaviour pattern. However, the samples that were studied by researchers gave a fair clue about this spambot. One of the features of Lethic is that it injects itself into Explorer.exe and creates a random-named mutex on the infected machine. This can be verified using the tool 'Process Explorer' from the 'Sysinternals suite'.

More Info about Lethic: http://www.m86security.com/trace/i/Lethic,spambot.1205~.asp
More Info about Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Hope this helps!

---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence India Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://www.iisecurity.in/courses/Training%20Calendar.html

On 11 March 2010 01:25, Garfield McBroom <gmcbroom () antrim ifsgroup com> wrote:
I've been asked to attempt to find a Lethic proxy on a network. The existing antivirus software does not seem to have caught it. As there are a number of PCs/servers etc., is there any easy way of detecting an infected client (perhaps using nmap or other similar scanner)? Initial investigations indicated that none of the computers are currently trying to connect to SMTP.

rgds

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
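The check described in the reply above, scaled from one machine to many, as an added example that is not part of either post: once the named mutexes held by explorer.exe have been collected from each host, a per-machine random name should appear on one host only, so stacking the names across the fleet surfaces it. The inventory, host names and mutex names are constructed placeholders, and the collection step is assumed to have been done already.

```python
import re
from collections import defaultdict

# Constructed inventory (not real data): named mutexes held by explorer.exe
# on three hosts. Every name below is a made-up placeholder.
SAMPLE = {
    "PC-01": [r"\BaseNamedObjects\ShellIconCacheLock",
              r"\Sessions\1\BaseNamedObjects\AppSync-S-1-5-21-1111-2222-3333-1001",
              r"\BaseNamedObjects\Upd{11111111-2222-3333-4444-555555555555}"],
    "PC-02": [r"\BaseNamedObjects\ShellIconCacheLock",
              r"\Sessions\2\BaseNamedObjects\AppSync-S-1-5-21-1111-2222-3333-1002",
              r"\BaseNamedObjects\Upd{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}",
              r"\Sessions\2\BaseNamedObjects\xkqjvzpwtbhd"],
    "PC-03": [r"\BaseNamedObjects\ShellIconCacheLock",
              r"\Sessions\1\BaseNamedObjects\AppSync-S-1-5-21-1111-2222-3333-1003",
              r"\BaseNamedObjects\Upd{99999999-8888-7777-6666-555555555555}",
              r"\BaseNamedObjects\BackupAgentLock"],
}

PREFIX = re.compile(r"^\\(?:Sessions\\\d+\\)?BaseNamedObjects\\", re.I)
GUID = re.compile(r"\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?", re.I)
SID = re.compile(r"S-1-\d+(?:-\d+)+")

def normalize(name):
    """Drop the object-namespace prefix and mask GUIDs and SIDs, which
    legitimate software embeds and which differ from host to host."""
    name = PREFIX.sub("", name)
    name = GUID.sub("<guid>", name)
    return SID.sub("<sid>", name)

def rare_mutexes(inventory, max_hosts=1):
    """Return {host: [names]} for names present on at most max_hosts hosts."""
    hosts_by_name = defaultdict(set)
    for host, names in inventory.items():
        for name in names:
            hosts_by_name[normalize(name)].add(host)
    flagged = defaultdict(list)
    for name, hosts in hosts_by_name.items():
        if len(hosts) <= max_hosts:
            for host in hosts:
                flagged[host].append(name)
    return {host: sorted(names) for host, names in flagged.items()}

if __name__ == "__main__":
    for host, names in sorted(rare_mutexes(SAMPLE).items()):
        print(host, names)
```

The output is a list of triage leads, not verdicts: software installed on a single host (the constructed `BackupAgentLock`) is flagged alongside the random-looking name, and each hit still needs to be confirmed on the machine itself.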