morbo (Member, join:2002-01-22)

Practical steps to limit trojan infections (slenfbot)

I recently learned that a nearby network was infected with the slenfbot. I'm hoping to learn from their experience and help prevent something similar on my end in the future. I'll also share suggestions with my friend so they can implement changes to prevent this from happening in the future.

Their environment: 10 PCs + 2-3 servers
 
Antivirus: Symantec Endpoint Protection and all clients have this installed and updated regularly.
 
Email: Exchange box locally and have incoming mail filtered by a 3rd party for spam detection.
 
I'm not sure if they use any DNS filtering like that offered by Open DNS and their umbrella product.
 
I'm certain all use Internet Explorer.
 
I'm not sure if user accounts are limited by default or if everyone is an administrator.
 
I'm not sure how often updates (Java, etc.) that aren't Windows Updates are performed.
 
I've been reading up on infections and how to prevent them, but there isn't a "biggest bang for your buck" type list of things to try first, second, etc. Ideally, I know that a complete security lockdown does all the checklists.

I'd appreciate any guidance on this.

dandelion (MVM, join:2003-04-29, Germantown, TN)

1 recommendation

Inserting this for some guidance also: »Security »How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach:

morbo (Member, join:2002-01-22)

Thanks for this great overview.

therube (Member, join:2004-11-11, Randallstown, MD) to morbo:
So just how did slenfbot go about getting into this "secure" network?

morbo (Member, join:2002-01-22)

said by therube:

So just how did slenfbot go about getting into this "secure" network?

I'm waiting to hear the post mortem, myself.

jaykaykay (MVM, join:2000-04-13, USA) to therube:
Darned good question considering what has to be done to get it. Unless the person who got it had their hands tied behind their back, we all know that the system could be very secure but not from a stupid user!

Slenfbot primarily spreads by luring users to follow links to websites, which contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares.
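As an added example (not posted by anyone in this thread), here is a read-only PowerShell audit covering the points the original post could not answer (whether users run as administrators, whether non-Windows software such as Java is current) and the propagation paths named above (removable drives, network shares). It assumes Windows PowerShell 3.0 or later on a client PC; the registry keys used are the standard Explorer AutoRun policy and the Sun/Oracle JRE version key.

```powershell
# Added example, not from the thread: each check only reads state and reports it,
# so it is safe to run on every PC in a small office like the one described.

function Test-RunningAsAdmin {
    # Daily-use accounts should be limited users; a TRUE here for a normal
    # desktop session means a single bad click runs with full rights.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-AutoRunDisabled {
    # NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type, which
    # closes the autorun.inf route worms use from removable drives.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $v = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    return ($null -ne $v) -and (($v.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF)
}

function Get-VisibleShares {
    # Shares whose name does not end in '$' are browsable on the LAN and are
    # the ones a network-share worm can copy itself into; review each one's
    # path and permissions.
    Get-CimInstance Win32_Share |
        Where-Object { $_.Name -notmatch '\$$' } |
        Select-Object Name, Path
}

function Get-InstalledJavaVersion {
    # The JRE records its current version here; compare it with the vendor's
    # latest release as part of the non-Windows-Update patch routine.
    $key = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
    $v = Get-ItemProperty -Path $key -Name CurrentVersion -ErrorAction SilentlyContinue
    if ($v) { return $v.CurrentVersion } else { return 'not installed' }
}

# Summarise the findings for one machine.
[PSCustomObject]@{
    Computer        = $env:COMPUTERNAME
    RunningAsAdmin  = Test-RunningAsAdmin
    AutoRunDisabled = Test-AutoRunDisabled
    JavaVersion     = Get-InstalledJavaVersion
    VisibleShares   = (Get-VisibleShares | ForEach-Object { "$($_.Name)=$($_.Path)" }) -join '; '
} | Format-List
```

Run it under each user's normal login (not an elevated prompt) so RunningAsAdmin reflects how people actually work day to day.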