NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Security Warning!!!

Title: RE: [FW1] Multiple Border FW-1's, SR now broken

The SOPHOS ANTI-VIRUS detects this. Try a download copy of the from www.sophos.com. I have ran this for the last three years on networks and can not complain. They update daily and send software monthly, plus a lot of new ways for scanning and deploying. Sorry for the sales pitch but love the software for networks and the free version for home use.

 

Thanks  Tony Sodaro

 

Tony Sodaro

<<< Cyberonics >>>

16511 Space Center Blvd. Suite 600

Houston, Texas 77058

http://www.cyberonics.com/

mailto:[email protected]

(O)  (C)

--------------------------------------------------

           \\\|///

         \\  - -  //

         (  @ @  )

---oOOo-(_)-oOOo-----

|  GO CYBX  |

-----------------Oooo---

         oooO    (   )

        (   )        )  /     

         \  (       (_/

           \ )

 

-----Original Message-----
From: Benjamin Keller [mailto:[email protected]]
Sent: Wednesday, March 14, 2001 3:21 PM
To: FWList (E-mail)
Subject: [FW1] Security Warning!!!
Importance: High

 

Att: All Security Admins,

 

If you are already not aware, their is a new threat to the security of your networks. It's call Sub7 http://www.sub7files.com/

it is not new and thus prompting the intent of this e-mail.

We are running Fw1-4.01-sp2, Nav 7.5 cooperate, and esafe e-mail scanner. I have downloaded it installed it and ran it on my test lab. Norton did not detect the Trogon/Worm nor did e-safe find it when I e-mail it to my self. It was scanned and found to be clean... This programs gives almost unlimited access to the local pc as well as the ability to snoop the network all from the client pc.. It can be masked to look like any service, and leave very little evidence of being installed. It can be programmed ( with little effort ) to run on ANY port.

I am still waiting to hear from Symantec and Aladdin to find out if they are aware and or ready to come out with definition. The service can be called anything (Rundll32 by default) or Word, Outlook, Explorer, System Idle Process, etc.. While someone is connected it will not show up by doing a netstat -a. It only affects Windows machines.

Just a heads up.

If anyone knows how to find/remove it I would appreciate it.

Thanks,

Benjamin Keller

Systems Administrator

Conceptis Technologies

This message has been scanned by Cyberonics, Inc. for a Virus.
______________________________________________________________


  
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.