PaulDotCom mailing list archives
Any Advice Trojan.BHO
From: binarynomad at gmail.com (Brian H)
Date: Fri, 24 Apr 2009 18:03:41 -0700
Also, if they are willing to deal with the added maintenance and cost, you can opt to install Sandboxie (http://www.sandboxie.com/) to help reduce the attack surface from both FF and IE exploits.

----
Brian

On Apr 24, 2009, at 12:54 PM, Mad Marv wrote:

IF they are serious and are willing to put up with the inconvenience, I recommend installing the NoScript and Flashblock Firefox extensions. These should prevent any drive-by malware installations. NoScript also has some XSS prevention too. The downside is that web browsing starts to break down when scripts are blocked across the board. The user can approve scripts one by one, or whitelist scripts from entire domains. But training NoScript to do so is a chore. On the plus side, blocking scripts makes browsing super fast. And those annoying Flash banner ads never bother you.

Oh, and set up OpenDNS too. Create a profile and block parked domains in addition to the default phishing / adware blacklists. I've been noticing that some parked domains should be classified as phish but are not. And nobody will really miss a parked domain. Use DNS-o-matic to register and auto-update your client's IP address w/ OpenDNS.

Marv

Shaun Curry wrote:

Hello again everyone:

I have a client that was recently hacked. We learned of this when an email notification was sent from the bank stating that a "bill pay" had been sent, but the client didn't set up any bill pay. The money has been refunded and the bank is contacting the FBI to prosecute.

I have learned that they were infected by Trojan.BHO which, as I understand it, is a browser helper object that looks for SSL traffic and then keylogs user names and passwords. Once an SSL session is detected a ping is sent to the attacker alerting them that SSL is being used, and then somehow it sends the keylogger info via ICMP.

We have removed the BHO and they have reset all passwords. I am curious if there is anything else I can do to prevent this attack from happening again? I installed and instructed the user to use Firefox and not IE and updated all Windows updates along with the antivirus. They are using Symantec Corporate Edition v. 10. Is there a better antivirus to use? They have a PIX for a firewall.... and that's about all I can think of right now... Any ideas?

thanx
-Shaun

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
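The ICMP exfiltration Shaun describes (keylogged credentials carried out of the network inside echo requests) is something you can check for in a capture taken from the client's segment, because the tunnel has to put its data somewhere in the echo payload. The following is an added example, not code from this thread or from any of its posters. It builds a few IPv4/ICMP echo requests in memory as constructed sample traffic and flags any whose data is not a stock ping payload: ping.exe fills with the letters a to w repeated cyclically (32 bytes by default), and iputils ping sends an 8-byte timestamp followed by bytes whose value is their offset plus 8. The addresses, ICMP identifiers and the credential-looking string are all made up for the example.

```python
"""Flag ICMP echo requests whose payload is not a stock ping payload.

Added example (not from the PaulDotCom thread). All packets below are
constructed in memory; nothing is read from the wire.
"""
import struct

# ping.exe fills its data with a..w repeated; 32 bytes by default.
WINDOWS_PING_CYCLE = b"abcdefghijklmnopqrstuvw"
WINDOWS_PING_PAYLOAD = (WINDOWS_PING_CYCLE * 2)[:32]  # b"abcdefghijklmnopqrstuvwabcdefghi"


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(src: str, dst: str, ident: int, seq: int, payload: bytes) -> bytes:
    """Return a raw IPv4 packet carrying an ICMP echo request (type 8, code 0)."""
    icmp_hdr = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    icmp = struct.pack("!BBHHH", 8, 0, inet_checksum(icmp_hdr + payload), ident, seq) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0,
                         64, 1, 0, ip_to_bytes(src), ip_to_bytes(dst))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + icmp


def parse_echo_request(pkt: bytes):
    """Return (src, dst, ident, seq, payload) for an echo request, else None."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4 or pkt[9] != 1:  # IPv4 header + ICMP header, proto 1
        return None
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:]
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != 8:
        return None
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    return src, dst, ident, seq, icmp[8:]


def is_stock_ping_payload(payload: bytes) -> bool:
    """True if the data is what ping.exe or iputils ping would have sent."""
    if payload and payload == (WINDOWS_PING_CYCLE * (len(payload) // 23 + 1))[:len(payload)]:
        return True
    # iputils: 8-byte timestamp, then data byte k holds the value k + 8
    # (0x10, 0x11, ... 0x3f for the default 56-byte data size).
    if len(payload) > 8:
        return all(payload[k] == (k + 8) & 0xFF for k in range(8, len(payload)))
    return False


def printable_ratio(payload: bytes) -> float:
    """Share of bytes in the printable ASCII range; keystroke data scores near 1.0."""
    if not payload:
        return 0.0
    return sum(32 <= b < 127 for b in payload) / len(payload)


def scan(packets):
    """One finding per echo request whose payload is not a stock ping payload."""
    findings = []
    for pkt in packets:
        parsed = parse_echo_request(pkt)
        if parsed is None:
            continue
        src, dst, ident, seq, payload = parsed
        if is_stock_ping_payload(payload):
            continue
        findings.append({
            "src": src, "dst": dst, "ident": ident, "seq": seq,
            "len": len(payload),
            "printable_ratio": round(printable_ratio(payload), 2),
            "preview": payload[:48].decode("ascii", "replace"),
        })
    return findings


# Constructed sample traffic: a Windows ping, a Linux ping, and one echo request
# carrying the kind of text a keylogging BHO might tunnel out. Hosts are made up.
SAMPLE_PACKETS = [
    build_echo_request("192.168.1.10", "8.8.8.8", 1, 1, WINDOWS_PING_PAYLOAD),
    build_echo_request("192.168.1.20", "8.8.8.8", 0x5A3C, 1,
                       b"\x00" * 8 + bytes(range(0x10, 0x40))),
    build_echo_request("192.168.1.10", "203.0.113.7", 1, 2,
                       b"SSL https://bank.example/ login=jsmith pw=Summ3r09!"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_PACKETS):
        print(finding)
```

A tunnel that copies the stock payload byte for byte would slip past this check, so pair it with per-host counting: a workstation that starts sending echo requests to an unfamiliar address each time a browser session opens is itself the signal, whatever the payload looks like. And since nothing on a user desktop needs to ping the Internet, the simplest fix on the PIX is to not permit outbound echo from the user segment at all.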
Current thread:
- Any Advice Trojan.BHO Shaun Curry (Apr 24)
- Any Advice Trojan.BHO Kennith Asher (Apr 24)
- Any Advice Trojan.BHO Mad Marv (Apr 24)
- Any Advice Trojan.BHO Brian H (Apr 24)
- Any Advice Trojan.BHO Johan Peder Møller (Apr 24)
- Any Advice Trojan.BHO johnemiller at gmail.com (Apr 24)