
[FW1] Re: Security Warning!!!



Good Afternoon,

I would agree that the RAT Sub7 is a problem to detect, and the mailings I
saw did not mention its DDoS capabilities. While it has been around for
approximately 2 years it has, as was mentioned, undergone several upgrades
and there are people who are writing 'skinz' for it so you can customize its
look and feel.

However, some of the better vulnerability scanning tools can detect this
Trojan, or they at least have some sort of algorithm to indicate its possible
presence.

In doing some forensics work, it was discovered that in some log files from
ICQ sessions there were mentions of possible victims to include IP address.
Additionally, one of the first things this Trojan does when installed is to
notify the 'master' of its presence, so depending on how your firewall is
configured, the logs may give an indication that 'something' is sending
signals to strange places.

Some IDS vendors have signatures for this as well.

It is worth repeating one of the earlier notes that this Trojan is
constantly evolving so what may work today is not necessarily true tomorrow.

If anyone would like to discuss this further, please feel free to contact me
directly.

Thank you,

Lee Kelly
Security Engineer
Fortrex Technologies


   All contents © 2004 Network Presence, LLC. All rights reserved.