Message-ID: <E372C831BC095A4993B3C3C6D0B7DA1204AF735A@ntsrv3.hasting.com>
From: francij at hastings-ent.com (Francis, Justin)
Subject: Jefferson-Is this a known problem? Trojans?

I haven't heard of this message before; however, many messages such as these have header info generated ("brand spoofing"), which thus varies the sender/subject lines from message to message.

The first thing I would do when my system boots back up is check Task Manager for currently running processes on the system.  Anything peculiar should be checked out.  You should also perform a port-scan, if you have the tools, to make sure there haven't been any ports opened up that are running an unwanted service.

There are tools, such as Ad-aware, that can be used to scan for malware on your Windows system (www.ad-aware.com).  Symantec and others are helpful, but only for known viruses.

Of course, the best cure is to not open emails from unexpected sources, but if you must, at least open them in "text only", as this may reduce the risk involved, especially if this becomes an ongoing problem.

If a re-install is needed, just be sure to start the firewall before attaching it to a network and make note of all the processes that run by default, so you will always know exactly what should be running on your system. One thing they teach you in SANS courses is that if you don't know what's running on your system and what your network and CPU load is on an average day . . . how will you ever know if your system's been breached?

--
jfshadow


> Message: 1
> Date: Mon, 29 Dec 2003 09:39:58 -0800 (PST)
> From: Montana Tenor <montanatenor@...oo.com>
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Jefferson-Is this a known problem? Trojans?
> 
> Hello Everyone,
> 
> A friend of mine was opening an email in front of me
> when her XP machine crashed.  I thought maybe it was a
> power spike or something so she powered up and went
> back to the email, clicked to view the message from
> hotmail.com, the machine powered off again.  She
> erased the message before I could forward it to an
> offsite machine, but the details as I remember them
> were:
> 
> Sender=Jefferson (she knows a Jefferson)
> Subject=(blank)
> Open the message and immediately powers off the
> machine.
> 
> My question to you is, now that her machine is
> possibly compromised, what tools can I use to check
> for trojans or other things that could have been
> installed.  I've run her Symantec System Scanning
> tool, and it shows no known problems.  Has anyone
> heard of this specific message, and is it simply
> designed to be annoying or does it install malware on
> the machine?  I know this information is vague, any
> advice is welcome.
> 
> Kindest Regards,
> Matt
> 
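
Added example, not part of the original message or thread: one way to apply the reply's advice about noting what runs by default is to save `tasklist /fo csv` and `netstat -ano` output after a clean install and diff later captures against it. The sample captures, the process name `updt32.exe`, port 8899 and the function names are constructed for illustration, and English-locale column headers are assumed.

```python
import csv
import io

# Constructed sample captures (assumption): a baseline saved after a clean
# install and a later capture from the same machine.
BASELINE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","216 K"
"svchost.exe","848","Console","0","4,112 K"
"explorer.exe","1480","Console","0","18,204 K"
'''
CURRENT_TASKLIST = BASELINE_TASKLIST + '"updt32.exe","2212","Console","0","3,004 K"\n'
BASELINE_NETSTAT = '''  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       848
  UDP    0.0.0.0:445            *:*                                    4
'''
CURRENT_NETSTAT = BASELINE_NETSTAT + (
    "  TCP    0.0.0.0:8899           0.0.0.0:0              LISTENING       2212\n")

def process_names(tasklist_csv):
    """Lower-cased image names from `tasklist /fo csv` output."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return {row["Image Name"].lower() for row in rows}

def listeners(netstat_text):
    """Map (proto, port) -> PID for listening TCP and bound UDP sockets."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established or closing connections are not listeners
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:135
        found[(f[0], port)] = int(f[-1])
    return found

def diff_against_baseline(base_tasks, base_net, cur_tasks, cur_net):
    """Return process names and listeners that are absent from the baseline."""
    new_procs = sorted(process_names(cur_tasks) - process_names(base_tasks))
    base_l, cur_l = listeners(base_net), listeners(cur_net)
    new_ports = sorted((proto, port, cur_l[(proto, port)])
                       for proto, port in cur_l.keys() - base_l.keys())
    return new_procs, new_ports

if __name__ == "__main__":
    procs, ports = diff_against_baseline(
        BASELINE_TASKLIST, BASELINE_NETSTAT, CURRENT_TASKLIST, CURRENT_NETSTAT)
    for name in procs:
        print("new process:", name)
    for proto, port, pid in ports:
        print(f"new listener: {proto}/{port} owned by PID {pid}")
```

Matching on image name alone will not flag a program that reuses a baseline name such as svchost.exe, so the PID reported for a new listener should be traced back to the executable that owns it.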

