
morbo

Practical steps to limit trojan infections (slenfbot)

I recently learned that a nearby network was infected with the slenfbot. I'm hoping to learn from their experience and help prevent something similar on my end in the future. I'll also share suggestions with my friend so they can implement changes to prevent this from happening in the future.

Their environment: 10 PCs + 2-3 servers

Antivirus: Symantec Endpoint Protection; all clients have this installed and updated regularly.

Email: Exchange box locally, with incoming mail filtered by a 3rd party for spam detection.

I'm not sure if they use any DNS filtering like that offered by OpenDNS and their Umbrella product.

I'm certain all use Internet Explorer.

I'm not sure if user accounts are limited by default or if everyone is an administrator.

I'm not sure how often updates (Java, etc.) that aren't Windows Updates are performed.

I've been reading up on infections and how to prevent them, but there isn't a "biggest bang for your buck" type list of things to try first, second, etc. Ideally, I know that a complete security lockdown does all the checklists.

I'd appreciate any guidance on this.


dandelion

Inserting this for some guidance also: »Security »How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach:



morbo

Thanks for this great overview.



therube
reply to morbo

So just how did slenfbot go about getting into this "secure" network?



morbo

said by therube:

So just how did slenfbot go about getting into this "secure" network?

I'm waiting to hear the post mortem, myself.


jaykaykay
reply to therube

Darned good question considering what has to be done to get it. Unless the person who got it had their hands tied behind their back, we all know that the system could be very secure but not from a stupid user!:

Slenfbot primarily spreads by luring users to follow links to websites, which contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares.
--
JKK

Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!

»www.pbase.com/jaykaykay
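Two of the unknowns in the original question (whether everyone is a local administrator, and whether removable drives can auto-launch anything) line up directly with the spread vectors named in the reply above. The script below is an added, read-only audit example written for this thread; it is not code posted by any participant or by Symantec/Microsoft. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts module, and it only reports; it changes nothing.

```powershell
# Added example (not from the thread): report two conditions that decide how far
# a share- or removable-drive-borne worm like the one discussed can get.
# Assumes Windows PowerShell 5.1+ (Get-LocalGroupMember). Read-only.

# 1. Who holds local administrator rights? Everyday users in this group means any
#    dropper they launch runs with full control of the machine.
Write-Host "== Members of the local Administrators group =="
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# 2. Is AutoRun disabled? The documented policy value NoDriveTypeAutoRun is a
#    bitmask of drive types; 0xFF (255) disables AutoRun for every drive type.
Write-Host "== AutoRun policy (NoDriveTypeAutoRun) =="
$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($path in $policyPaths) {
    $item  = Get-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.NoDriveTypeAutoRun } else { $null }

    if ($null -eq $value) {
        Write-Host ("{0}: not set (AutoRun policy not enforced at this scope)" -f $path)
    } elseif ($value -eq 0xFF) {
        Write-Host ("{0}: 0x{1:X2} (AutoRun disabled for all drive types)" -f $path, $value)
    } else {
        Write-Host ("{0}: 0x{1:X2} (AutoRun still allowed for some drive types; 0xFF disables all)" -f $path, $value)
    }
}

# 3. Which folders are shared out? Writable shares reachable by every user are the
#    "local network via network shares" path mentioned above. Get-SmbShare needs
#    Windows 8 / Server 2012 or later; older hosts will simply skip this section.
if (Get-Command Get-SmbShare -ErrorAction SilentlyContinue) {
    Write-Host "== Non-administrative SMB shares =="
    Get-SmbShare | Where-Object { -not $_.Special } |
        Select-Object Name, Path, Description |
        Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session on each of the ten PCs and the servers; the output gives a concrete starting point for the "first, second, etc." list the original poster asked for: remove everyday accounts from Administrators, set NoDriveTypeAutoRun to 0xFF via Group Policy, and tighten permissions on any share that every user can write to.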