
[Full-Disclosure] Jefferson-Is this a known problem? Trojans?



I haven't heard of this message before; however, many messages such as these 
have header info generated ("brand spoofing"), which thus varies the 
sender/subject lines from message to message.

The first thing I would do when my system boots back up is check Task Manager 
for currently running processes on the system.  Anything peculiar should be 
checked out.  You should also perform a port-scan, if you have the tools, to 
make sure there haven't been any ports opened up that are running an unwanted 
service.

There are tools, such as Ad-aware that can be used to scan for malware on your 
Windows system (www.ad-aware.com).  Symantec and others are helpful, but only 
for known viruses.

Of course, the best cure is to not open emails from unexpected sources, but if 
you must, at least open them in "text only", as this may reduce the risk 
involved, especially if this becomes an ongoing problem.

If a re-install is needed, just be sure to start the firewall before attaching 
it to a network and make note of all the processes that run by default, so you 
will always know exactly what should be running on your system. One thing they 
teach you in SANS courses is that if you don't know what's running on your 
system and what your network and CPU load is on an average day . . . how will 
you ever know if your system's been breached?

--
jfshadow
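One way to keep the process and listening-port baseline the reply recommends, as an added example that is not part of the original post: it assumes a modern Windows host with PowerShell 5.1 or later and the NetTCPIP module (Get-NetTCPConnection), which the 2003-era XP box in the thread would not have, and the baseline file path is a made-up default.

```powershell
# Added example (not from the list post): snapshot running processes and
# listening TCP ports, save them as a baseline on a known-clean system, and
# on later runs report anything that is new. Run elevated so that the paths
# of all processes are readable.
param(
    [string]$BaselinePath = "$env:USERPROFILE\host-baseline.json"  # assumed default
)

function Get-HostSnapshot {
    # One entry per executable path; hash the image so a swapped binary shows up.
    $procs = Get-Process | ForEach-Object {
        $p = $_.Path
        $hash = $null
        if ($p -and (Test-Path $p)) {
            $hash = (Get-FileHash -Path $p -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }
        [pscustomobject]@{ Name = $_.ProcessName; Path = $p; Sha256 = $hash }
    } | Sort-Object Path, Name -Unique

    # Listening TCP ports together with the image that owns the socket.
    $ports = Get-NetTCPConnection -State Listen | ForEach-Object {
        $owner = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        [pscustomobject]@{ LocalPort = $_.LocalPort; Owner = $owner }
    } | Sort-Object LocalPort, Owner -Unique

    return [pscustomobject]@{ Taken = (Get-Date).ToString('o'); Processes = $procs; Ports = $ports }
}

$now = Get-HostSnapshot
if (-not (Test-Path $BaselinePath)) {
    # First run: record the baseline and stop.
    $now | ConvertTo-Json -Depth 4 | Set-Content -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath ($($now.Processes.Count) processes, $($now.Ports.Count) listening ports)"
    return
}

$base = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json

# Anything present now but absent from the baseline deserves a look.
$newProcs = Compare-Object -ReferenceObject @($base.Processes) -DifferenceObject @($now.Processes) -Property Name, Path, Sha256 |
    Where-Object SideIndicator -eq '=>'
$newPorts = Compare-Object -ReferenceObject @($base.Ports) -DifferenceObject @($now.Ports) -Property LocalPort, Owner |
    Where-Object SideIndicator -eq '=>'

Write-Host "Baseline taken $($base.Taken)"
Write-Host "New or changed processes: $(@($newProcs).Count)"
$newProcs | Format-Table Name, Path, Sha256 -AutoSize
Write-Host "New listening ports: $(@($newPorts).Count)"
$newPorts | Format-Table LocalPort, Owner -AutoSize
```

Take the first snapshot right after a clean install with the firewall up, as the reply suggests, and rerun the script whenever something suspicious happens; a new entry is only a lead to investigate, not proof of compromise.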


> Message: 1
> Date: Mon, 29 Dec 2003 09:39:58 -0800 (PST)
> From: Montana Tenor <montanatenor@yahoo.com>
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Jefferson-Is this a known problem? Trojans?
> 
> Hello Everyone,
> 
> A friend of mine was opening an email in front of me
> when her XP machine crashed.  I thought maybe it was a
> power spike or something so she powered up and went
> back to the email, clicked to view the message from
> hotmail.com, the machine powered off again.  She
> erased the message before I could forward it to an
> offsite machine, but the details as I remember them
> were:
> 
> Sender=Jefferson (she knows a Jefferson)
> Subject=(blank)
> Open the message and immediately powers off the
> machine.
> 
> My question to you is, now that her machine is
> possibly compromised, what tools can I use to check
> for trojans or other things that could have been
> installed.  I've run her Symantec System Scanning
> tool, and it shows no known problems.  Has anyone
> heard of this specific message, and is it simply
> designed to be annoying or does it install malware on
> the machine?  I know this information is vague, any
> advice is welcome.
> 
> Kindest Regards,
> Matt
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html