PaulDotCom mailing list archives
Any Advice Trojan.BHO
From: herrasher at gmail.com (Kennith Asher)
Date: Fri, 24 Apr 2009 12:15:32 -0700
I'd add NoScript to the user's Firefox install. We practice installing Firefox with NoScript on every machine and instruct our user base that Firefox installed in this manner is a much safer browser than IE. This at least lessens the likelihood of re-infection. I would also advise the client to upgrade to Symantec Endpoint Protection v. 11. This is a significant improvement over previous Symantec products. Blocking ICMP at the firewall is always advisable as well, IMO. Ken On Fri, Apr 24, 2009 at 11:37 AM, Shaun Curry <shauncurry1 at gmail.com> wrote:
Hello again everyone: I have a client that recent was hacked. We learned of this when an email notification was sent from the bank stating that a "bill pay" had been sent, but the client didn't setup any bill pay. The money has been refunded and the bank is contacting the FBI to prosecute. I have learned that they were infected by trojan.bho which as I understand is a browser helper object that looks for SSL traffic and then keylogs user names and passwords. Once an SSL session is detected a ping is sent to the attacker alerting them that SSL is being used and the somehow it sends the keylogger info via ICMP. We have removed the BHO and they have reset all passwords. I am curious if there is anything else I can do to prevent this attack from happening again? I installed and instructed the user to use Firefox and not IE and updated all windows updates along with the antivirus. They are using Symantec Corporate Edition v. 10. Is there a better antivirus to use? They have a PIX for a firewall.... and thats about all I can think of right now... Any ideas? thanx -Shaun _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090424/f4863b6d/attachment.htm
Current thread:
- Any Advice Trojan.BHO Shaun Curry (Apr 24)
- Any Advice Trojan.BHO Kennith Asher (Apr 24)
- Any Advice Trojan.BHO Mad Marv (Apr 24)
- Any Advice Trojan.BHO Brian H (Apr 24)
- Any Advice Trojan.BHO Johan Peder Møller (Apr 24)
- Any Advice Trojan.BHO johnemiller at gmail.com (Apr 24)