Trojan Horses

[jeffbouldin]

How do these get on a computer? A client has been getting alot of these since June 1st. I've uninstalled MIRC (serveral were variations of trojans that used it), stopped Windows Messanger, they don't use Outlook or Outlook Express. They are behind a router with a firewall.

 

[jrbarnett]

Most are executable files that come as email attachments, with an email written to encourage the user to double click on the executable file.
This will install the trojan on the system, so it will get started either immediately or after the next reboot.
Remember that although it may say it is a screensaver, the "trojan" means it has a hidden side that it won't talk about.

What more can you do? A few suggestions:
1. Stop emails with executable attachments (filter the attachments at the firewall if applicable).
2. Initiate a policy that all email attachments must be virus scanned prior to opening (hopefully this could be done by the firewall or email server which could quarantine anything dodgy). Make sure that the virus scanner on this machine is kept up to date.
3. Configure the firewall to only allow outgoing requests on certain TCP/IP ports (eg web, SMTP/POP3 email, newsgroup traffic only; anything else is blocked).

John