[FW1] Re: Security Warning!!!
Good Afternoon,

I would agree that the RAT Sub7 is a problem to detect, and the mailings I saw did not mention its DDoS capabilities. While it has been around for approximately 2 years, it has, as was mentioned, undergone several upgrades, and there are people who are writing 'skinz' for it so you can customize its look and feel.

However, some of the better vulnerability scanning tools can detect this Trojan, or they at least have some sort of algorithm to indicate its possible presence. In doing some forensics work, it was discovered that in some log files from ICQ sessions there were mentions of possible victims, to include IP address. Additionally, one of the first things this Trojan does when installed is to notify the 'master' of its presence, so depending on how your firewall is configured, the logs may give an indication that 'something' is sending signals to strange places. Some IDS vendors have signatures for this as well.

It is worth repeating one of the earlier notes that this Trojan is constantly evolving, so what may work today is not necessarily true tomorrow.

If anyone would like to discuss this further, please feel free to contact me directly.

Thank you,

Lee Kelly
Security Engineer
Fortrex Technologies
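The message above points to firewall logs as a place where a freshly installed Trojan's first notification may show up. The following is an added example, not part of the original post: it flags outbound connections from internal hosts to destinations never seen during a known-good baseline. The log format, address ranges, ports and baseline date are constructed assumptions, not FireWall-1 output or Sub7 indicators.

```python
import ipaddress

# Constructed sample lines (assumed format, not a real firewall export):
# timestamp action src_ip dst_ip proto dst_port
SAMPLE_LOG = """\
2000-05-01T09:00:01 accept 10.1.1.20 192.0.2.10 tcp 80
2000-05-01T09:02:13 accept 10.1.1.21 192.0.2.10 tcp 80
2000-05-01T09:05:40 accept 10.1.1.20 192.0.2.25 tcp 25
2000-05-02T10:11:02 accept 10.1.1.21 192.0.2.10 tcp 80
2000-05-03T08:30:00 accept 10.1.1.20 192.0.2.10 tcp 80
2000-05-03T08:31:17 accept 10.1.1.21 198.51.100.77 tcp 6667
2000-05-03T08:31:18 drop 10.1.1.21 203.0.113.5 tcp 4000
2000-05-03T08:40:00 accept 192.0.2.10 10.1.1.20 tcp 1040
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: internal range
BASELINE_END = "2000-05-03"  # assumption: traffic before this is known-good


def parse(line):
    ts, action, src, dst, proto, dport = line.split()
    return {"ts": ts, "action": action, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "proto": proto,
            "dport": int(dport)}


def first_contacts(log_text, internal=INTERNAL, baseline_end=BASELINE_END):
    """Return post-baseline outbound events whose (dst, proto, port) was
    never used by any internal host during the baseline period."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    # Keep only internal -> external traffic.
    out = [e for e in events
           if e["src"] in internal and e["dst"] not in internal]
    # Pass 1: everything seen before the cut-off is treated as normal egress.
    known = {(e["dst"], e["proto"], e["dport"])
             for e in out if e["ts"] < baseline_end}
    # Pass 2: report each new (source, destination) pair once.
    # Dropped attempts are reported too; a blocked call-out is still a lead.
    reported, findings = set(), []
    for e in sorted(out, key=lambda e: e["ts"]):
        key = (e["dst"], e["proto"], e["dport"])
        if e["ts"] >= baseline_end and key not in known \
                and (e["src"], key) not in reported:
            reported.add((e["src"], key))
            findings.append((e["ts"], str(e["src"]), str(e["dst"]),
                             e["dport"], e["action"]))
    return findings


if __name__ == "__main__":
    for finding in first_contacts(SAMPLE_LOG):
        print(*finding)
```

A hit is only a lead for investigation; new legitimate destinations will appear as well, so the baseline needs to be long enough to cover normal egress.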