|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Security Warning!!!
Title: RE: [FW1] Multiple Border FW-1's, SR now broken Att: All Security Admins,
If you are already not aware, their is a new threat to the security of your networks. It's call Sub7 http://www.sub7files.com/ it is not new and thus prompting the intent of this e-mail. We are running Fw1-4.01-sp2, Nav 7.5 cooperate, and esafe e-mail scanner. I have downloaded it installed it and ran it on my test lab. Norton did not detect the Trogon/Worm nor did e-safe find it when I e-mail it to my self. It was scanned and found to be clean... This programs gives almost unlimited access to the local pc as well as the ability to snoop the network all from the client pc.. It can be masked to look like any service, and leave very little evidence of being installed. It can be programmed ( with little effort ) to run on ANY port. I am still waiting to hear from Symantec and Aladdin to find out if they are aware and or ready to come out with definition. The service can be called anything (Rundll32 by default) or Word, Outlook, Explorer, System Idle Process, etc.. While someone is connected it will not show up by doing a netstat -a. It only affects Windows machines. Just a heads up. If anyone knows how to find/remove it I would appreciate it. Thanks, Benjamin Keller Systems Administrator Conceptis Technologies
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
