Velocity Reviews - Computer Hardware Reviews

TROJ_AGENT.ALL

 
 
Thund3rstruck_n0i
      01-30-2005
A friend of mine found TROJ_AGENT.ALL (As it is called on Trend Micro's
site) and ISTBAR on his PC. I've read up on istbar but Trend's site is
vague on how TROJ_AGENT.ALL is spread. Anyone know?

TIA

NOI

 
donnie
      01-30-2005
On Sat, 29 Jan 2005 21:29:50 -0500, Thund3rstruck_n0i
<> wrote:

> A friend of mine found TROJ_AGENT.ALL (As it is called on Trend Micro's
>site) and ISTBAR on his PC. I've read up on istbar but Trend's site is
>vague on how TROJ_AGENT.ALL is spread. Anyone know?
>
> TIA
>
> NOI

#################################
Most times the user clicked on an attachment but make sure file
sharing isn't enabled or that some service such as FTP isn't running.
donnie.
 
David H. Lipman
      01-30-2005
Trojans are spread by the stupidity of people downloading haphazardly crap off the Internet.
Trojans are NOT viruses and don't replicate.

--
Dave




"Thund3rstruck_n0i" <> wrote in message
newsyXKd.6250$...
| A friend of mine found TROJ_AGENT.ALL (As it is called on Trend Micro's
| site) and ISTBAR on his PC. I've read up on istbar but Trend's site is
| vague on how TROJ_AGENT.ALL is spread. Anyone know?
|
| TIA
|
| NOI
|


 
Thund3rstruck_n0i
      01-30-2005
David H. Lipman spilled my beer when they jumped on the table and proclaimed
in <XC_Kd.79$Xs6.49@trnddc01>

> Trojans are spread by the stupidity of people downloading haphazardly crap
> off the Internet. Trojans are NOT viruses and don't replicate.


Yeah...

Thanks Dave.

NOI


 
Thund3rstruck_n0i
      01-30-2005
donnie spilled my beer when they jumped on the table and proclaimed in
<>

> Most times the user clicked on an attachment but make sure file
> sharing isn't enabled or that some service such as FTP isn't running.
> donnie.


Thanks Donnie. I'll have him check for that.

NOI

 
ed
      01-30-2005
Dave wrote:


> Trojans are spread by the stupidity of people downloading haphazardly crap
> off the Internet.
> Trojans are NOT viruses and don't replicate.


Not entirely true, as I have a web server that has been compromised twice by
several back door Trojans. I do not download anything with the server and
can only presume it was hacked, which is the other way to get Trojans and
backdoors. It had all the MS OS updates applied, antivirus running, etc.

Since then, I have run MS Baseline Security Analyzer on it and made all
possible changes.

Also,

Applied an additional update to SQL Server
Applied an additional update to .Net
Changed the name of IUSR and IWAM Accounts
Removed the Admin account
Turned off NetBIOS

And still not sure if this will help, as I do not know how the server was
infected either time.



 
David H. Lipman
      01-30-2005
Servers are different. I should have stated user computers.

--
Dave




"ed" <> wrote in message news:vKbLd.582$...
| Dave wrote:
|
|
| > Trojans are spread by the stupidity of people downloading haphazardly crap
| > off the Internet.
| > Trojans are NOT viruses and don't replicate.
|
| Not entirely true, as I have a web server that has been compromised twice by
| several back door Trojans. I do not download anything with the server and
| can only presume it was hacked, which is the other way to get Trojans and
| backdoors. It had all the MS OS updates applied, antivirus running, etc.
|
| Since then, I have run MS Baseline Security Analyzer on it and made all
| possible changes.
|
| Also,
|
| Applied an additional update to SQL Server
| Applied an additional update to .Net
| Changed the name of IUSR and IWAM Accounts
| Removed the Admin account
| Turned off NetBIOS
|
| And still not sure if this will help, as I do not know how the server was
| infected either time.


 
winged
      02-02-2005
ed wrote:
> Dave wrote:
>
>
>
>>Trojans are spread by the stupidity of people downloading haphazardly crap
>>off the Internet.
>>Trojans are NOT viruses and don't replicate.

>
>
> Not entirely true, as I have a web server that has been compromised twice by
> several back door Trojans. I do not download anything with the server and
> can only presume it was hacked, which is the other way to get Trojans and
> backdoors. It had all the MS OS updates applied, antivirus running, etc.
>
> Since then, I have run MS Baseline Security Analyzer on it and made all
> possible changes.
>
> Also,
>
> Applied an additional update to SQL Server
> Applied an additional update to .Net
> Changed the name of IUSR and IWAM Accounts
> Removed the Admin account
> Turned off NetBIOS
>
> And still not sure if this will help, as I do not know how the server was
> infected either time.

Sure hope you did a clean build on the server, else you probably are
still compromised. You should ensure your SQL server is constrained to
only talk to the web host and possibly admin terms and block SQL server
access at the firewall. Ideally the SQL server is on a separate box;
otherwise run SQL server on a virtual IP. It is not good practice to do
client side processing with exposed SQL services. .NET introduces a
whole gamut of security issues into the mix. For example there are a
number of calls where .NET works with client side MS apps where code can
be induced into the system. This usually requires an authenticated
user. This is why a number of major players in the .NET community have
been dumping .NET. If the compromise is properly executed the "bad guy"
trojaned other connecting clients to make re-exploit easier. We have
found .NET can have significant issues if improperly implemented and
improperly restricted.

Winged
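
Added example (not part of winged's post or the thread): one way to check the firewall advice above, that SQL Server is reachable only from the web host and admin terminals. The rule format, rule names and addresses are constructed for illustration, and the check assumes a plain list of allow rules, ignoring rule order and deny rules.

```python
import ipaddress

SQL_PORT = 1433  # default SQL Server TCP port

# Constructed sample data: hypothetical addresses, not taken from the thread.
ALLOWED_SOURCES = ["10.0.1.10/32",   # web host
                   "10.0.9.0/28"]    # admin terminals
RULES = [
    {"name": "web-to-sql",   "action": "allow", "src": "10.0.1.10/32", "ports": "1433"},
    {"name": "admin-to-sql", "action": "allow", "src": "10.0.9.0/28",  "ports": "1433-1434"},
    {"name": "legacy-any",   "action": "allow", "src": "0.0.0.0/0",    "ports": "1024-2000"},
    {"name": "lan-http",     "action": "allow", "src": "10.0.0.0/8",   "ports": "80"},
]

def covers_port(spec, port):
    """True if a port spec such as '1433', '1433-1434' or '80,1433' includes port."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def exposed_rules(rules, allowed, port=SQL_PORT):
    """Return names of allow rules that admit non-allowlisted sources to port.

    Conservative: a rule's source must fit inside a single allowlisted
    network, so a range spanning two allowed networks is still reported.
    """
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or not covers_port(rule["ports"], port):
            continue
        src = ipaddress.ip_network(rule["src"])
        if not any(src.subnet_of(net) for net in allowed_nets):
            findings.append(rule["name"])
    return findings

if __name__ == "__main__":
    for name in exposed_rules(RULES, ALLOWED_SOURCES):
        print(f"rule {name!r} lets non-allowlisted hosts reach TCP {SQL_PORT}")
```

The broad port-range rule is the one flagged here: a range opened for some other purpose exposes the database port even though no rule names SQL Server.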
 