Security Basics mailing list archives
Windows Bot/Trojan/Backdoor scanner
From: Andrew Hecox <ahecox () uchicago edu>
Date: Fri, 12 Sep 2003 00:05:44 -0500 (CDT)
greetings! ... as the subject implies, I'm looking for something to scan for backdoor software on the Windows platform. For example, if a system has been compromised by a worm such as msblast or bugbear which installs a backdoor, I'd like to be able to scan the system to see if anyone has taken advantage of *that* backdoor to install another piece of malicious software like an IRC bot.

The primary complication is that software would only be used in situations where it was scanning machines AFTER they had been infected by some other virus. No software (like tripwire, etc) can be installed before the infection.

First question- obviously there is lots of software that will search for trojans but is there any which will be cutting edge enough to catch the vast majority of the latest and greatest remote control malware?

Second question- if so, is any of it substantially better than the regular antivirus software?

Finally- given the problem of trying to detect whether a random system in the wild has faced additional compromises (in a cost-effective manner), is there a better solution to the problem? The current *best* solution is to re-format the system (better safe than sorry) but that situation may be getting untenable given limited resources.

SwatIt came to mind but I don't have any meaningful evidence relating to its effectiveness.

any ideas, comments, or suggestions are greatly appreciated.

-cheers!
-Andrew