Security Basics mailing list archives
Protecting Home Machines
From: Sys Sec <syssec () sysigsa com>
Date: Fri, 21 Nov 2003 08:08:22 +0100
Hi Cherian

The NACHI.A worm usually arrives as DLLHOST.EXE (~10,240 bytes) on target systems. It also opens ports between port 666 and port 765 for its malicious routines.

Propagation

Similar to the earlier MSBLAST worm variants, this malware also exploits the RPC DCOM Buffer Overflow.

Please visit http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.A

You can download a Microsoft scan to view if your system is vulnerable (you can test it after you patch):
http://www.microsoft.com/downloads/details.aspx?FamilyId=13AE421B-7BAB-41A2-843B-FAD838FE472E&displaylang=en

When you patch the system I recommend that you install a firewall in your machine. I recommend Sygate Personal Firewall http://smb.sygate.com/free/default.php

-----Original Message-----
From: Cherian M. Palayoor [mailto:cpalayoor () cwalkergroup com]
Sent: Thursday, November 20, 2003 20:23
To: security-basics () securityfocus com
Subject: Protecting Home Machines

I have a remote user whose laptop was severely infected by the trojans MSBLAST & WiNSHOW.A.

I reinstalled the OS on the machine following a complete reformat, and installed an anti-virus with the latest update. I ran a complete scan on the machine prior to shipping the machine back to the user.

However, as soon as the user took the machine back home, he was infected by another worm (NACHI.A) within a few minutes of connecting to the internet through his high speed cable modem. He swears that he had not downloaded anything nor tried any removable media on this machine.

Following a bit of research on the matter, I am now aware that it is possible for machines to get infected on the fly, especially through unprotected home internet connections.

The question is, "What do I do to prevent such occurrences, which have increased of late?"

My thanks in advance for any thoughts or words of advice.

CP
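The two indicators named in the reply above (a DLLHOST.EXE of about 10,240 bytes, and open ports from 666 through 765) can be checked on a host with a short script. This is an added example, not part of the original thread; the sample `netstat -an` output, the file listing, its paths and the size tolerance are constructed assumptions.

```python
import re

# Indicators quoted in the message above.
PORT_RANGE = range(666, 766)      # ports 666 through 765
DROPPED_NAME = "dllhost.exe"
DROPPED_SIZE = 10240              # "~10,240 bytes"

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:707            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      10.0.0.9:700           ESTABLISHED
  UDP    0.0.0.0:69             *:*
"""

# Constructed (path, size) listing; paths and sizes are placeholders.
SAMPLE_FILES = [(r"C:\example\a\dllhost.exe", 10240),
                (r"C:\example\b\dllhost.exe", 5120),
                (r"C:\example\a\notepad.exe", 10240)]

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def suspicious_listeners(netstat_text):
    """Return sorted (proto, port) pairs for local sockets bound in PORT_RANGE."""
    hits = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or a row in another format
        proto, _addr, port, _remote, state = m.groups()
        # The message describes the worm opening ports, so for TCP only
        # listening sockets count; a remote port in the range is ignored.
        if proto == "TCP" and state != "LISTENING":
            continue
        if int(port) in PORT_RANGE:
            hits.add((proto, int(port)))
    return sorted(hits)

def suspicious_files(listing, tolerance=256):
    """Flag files named DROPPED_NAME whose size is near DROPPED_SIZE.
    The tolerance is an assumption covering the '~' in the message."""
    out = []
    for path, size in listing:
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name == DROPPED_NAME and abs(size - DROPPED_SIZE) <= tolerance:
            out.append(path)
    return out
```

A hit on either check is a reason to look closer, not proof of infection, since other software can use the same ports or file name.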