
Trojan Horse - everybody read!

Status
Not open for further replies.

june1980

MIS
Jun 16, 2003
93
US
Make note, network admins. An honest-to-god trojan horse software package is being marketed to the general public. Check this out!


I downloaded it to test. It does everything it says it does and is easy to use, so I'm thinking it might take off with the hackers. The good news is that you can block it out at YOUR e-mail server by filtering .EXE, .PIF, and .SCR files. Just a tip, every e-mail server should block these file types anyway.
 
Shocking really, although no need to change the way we do anything. The same rules will still apply with internet security.

Have anti-virus, obviously disable active attachments, have a good firewall etc.
 
btw you aren't an affiliate of this program are you? ;)

I only ask because of the afil=1021 which would seem to signify a reference.
 
Good call, but no. One of my users got it via spam and forwarded it to me - the sys admin. I copied and pasted it here. I'm trying to get the word out about this. I've been going around all over the internet to the forums I usually visit posting this. Just shocking to me that it's legal to own something like that. Just think what could happen if a CEO opens an infected E-card.

I've also forwarded a renamed copy of the installer for it to mcafee and symantec. After all, it installs itself without the user's consent and allows people to hack your computer. It's a virus!
 
Simply disgusting... Makes you wonder exactly how they have the balls to market something like this.

I'd give it 2 months (give me some time to spread the word!) before the site gets closed due to hacking attempts!

 
I called the number 619-233-0012, to inquire about how they say "LoverSpy can also be sent as ANY type of file attachment via email." It rang about 8 times then a shaky voiced message came on asking me to input my account number and password and then they would respond by email.



>Think for yourself<
...or someone else will do it for you.
 
It uses an attachment just like any other virus. I'm 99% sure it comes in either .BAT, .EXE, .SCR, .PIF, or .PE file formats. Paleogryph wrote that their hotline said "Any Attachment", but, before Windows can start a process, it has to begin with one of the above file types. First line of defence is probably going to be your e-mail server/client. I use Exchange 2k with GFI as the server and Outlook as the client, so I can tell you there is a way to prevent these attachments from running automatically. This seems to do the trick. Do a google search on "Mail security software" and "Securing Outlook". You should find directions on this.

I'm pretty sure Mcafee and Symantec are going to classify this as a virus. So, second will MAYBE be your virus scanner.

As a fail safe, make SURE your firewall is rejecting all incoming outside initiated SYC packets - if this is done, you've nothing to worry about even if this thing is installed on your computer. I assume that this software was designed with Windows XP's firewall in mind, or else it wouldn't work on half the computers out there, so don't rely on that alone.

So far, this is all I have.
 
I am not worried about myself as much as someone like my parents getting email from their ISP.

Could someone (I might) do a complete review on how it works? Then let us know if you could block it.

iSeriesCodePoet
iSeries Programmer/Lawson Software Administrator
[pc2]
See my progress to converting to linux.
 
The best I can tell you is to set her security setting on high. This - should - keep it from installing.
 
The best I can tell you is to set her security setting in her mail client to where it can't execute code automatically. However, Sobig and Nimda didn't seem to care if your settings were jacked....
 
Could adaware or spybot be set up somehow to catch it?
 
From what I can tell, it's brand new, so Virus Scanners and Anti-spyware stuff will need to be updated first.
 
> As a fail safe, make SURE your firewall is rejecting all
> incoming outside initiated SYC packets

You meant SYN packets, correct?
 
Sorry. I meant Syn.
 
You should be OK if you don't open the attachment. Beware of attachments like .exe, .pif, .scr. There may be a couple of others.
 
Apparently, they are/will be sued in California, amongst other things because it's a wiretap violation or some crazy thing like it.

_____________________________
Don't forget folks,
...unless you want the coco-macaques to be sent for you,
... vote people with tipmaster awards if they helped you.
 