Topic 'Practical steps to limit trojan infections (slenfbot)' in forum 'Security' - dslreports.com

Re: Practical steps to limit trojan infections (slenfbot)

Thu, 14 Feb 2013 15:57:04 EDT

jaykaykay posted : Darned good question considering what has to be done to get it. Unless the person who got it had their hands tied behind their back, we all know that the system could be very secure but not from a stupid user! :(:

Slenfbot primarily spreads by luring users to follow links to websites, which contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares.
--
JKK:-)

Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature!

»www.pbase.com/jaykaykay

Re: Practical steps to limit trojan infections (slenfbot)

Thu, 14 Feb 2013 12:52:36 EDT

morbo posted :

said by therube:

So just how did slenfbot go about getting into this "secure" network?

I'm waiting to hear the post mortem, myself.

Re: Practical steps to limit trojan infections (slenfbot)

Thu, 14 Feb 2013 12:41:37 EDT

therube posted : So just how did slenfbot go about getting into this "secure" network?

Re: Practical steps to limit trojan infections (slenfbot)

Thu, 14 Feb 2013 12:27:54 EDT

morbo posted : Thanks for this great overview.

Re: Practical steps to limit trojan infections (slenfbot)

Thu, 14 Feb 2013 12:09:22 EDT

dandelion posted : Inserting this for some guidance also: »Security »How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach:

Practical steps to limit trojan infections (slenfbot)

Thu, 14 Feb 2013 11:43:12 EDT

morbo posted : I recently learned that a nearby network was infected with the slenfbot. I'm hoping to learn from their experience and help prevent something similar on my end in the future. I'll also share suggestions with my friend so they can implement changes to prevent this from happening in the future.

Their environment: 10 PCs + 2-3 servers Antivirus: Symantec Endpoint Protection and all clients have this installed and updated regularly. Email: Exchange box locally and have incoming mail filtered by a 3rd party for spam detection. I'm not sure if they use any DNS filtering like that offered by Open DNS and their umbrella product. I'm certain all use Internet Explorer. I'm not sure if user accounts are limited by default or if everyone is an administrator. I'm not sure how often updates (Java, etc.) that aren't Windows Updates are performed.

I've been reading up on infections and how to prevent them, but there isn't a "biggest bang for your buck" type list of things to try first, second, etc. Ideally, I know that a complete security lock down does all the check lists.

I'd appreciate any guidance on this.