Penetration Testing mailing list archives

Re: [PEN-TEST] penetrating trojan


From: Kazennov Vladimir <kvn () wplus net>
Date: Sun, 3 Dec 2000 12:35:52 +0300

Hello!
> Hello,
>
> ...
> What would make the situation a lot more dangerous is when the trojan
> itself started the connection, let's say over port 80 using the http
> protocol, e.g. pretending to be a browser. Most firewall settings would
> allow such a connection and the trojan could unfold its power (assuming
> it was not detected by a local antivirus program).
>
> Why did I never encounter such a trojan? Am I missing something ... has
> anybody heard of such attacks?

 I saw such trojans on machines of our clients (I am the security manager
 of an ISP) - for example Trojan.PSW.Gip (according to AVP).
 This is an email trojan (another threat!). It sends email with passwords
 and other confidential information to a free mailbox and tries to
 download a plugin from a free www site (and execute it).
 Try searching the trojan definitions on www.viruslist.com or www.hackfix.org

 I think that a normal defense for a workstation is a firewall that has
 rules in which you may define the name of the application (e.g. @guard). For example, only
 your mailer can set up an outbound connection to port 25 of only your
 mail server. The NeoPlanet browser (e.g.) silently sends emails to their
 site. I found this out only with @guard.



Best regards,
 Kazennov                            mailto:kvn () wplus net
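
The application-bound outbound rule described in the message above ("only your mailer ... to port 25 of only your mail server"), sketched as an added example that is not part of the original post. Program paths, addresses (RFC 5737 documentation ranges) and the connection records are constructed placeholders.

```python
"""Application-bound egress allowlist check (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    program: str   # lower-cased full path of the executable allowed to connect
    network: str   # permitted destination network, CIDR form
    port: int      # permitted destination TCP port

@dataclass(frozen=True)
class Conn:
    program: str
    dst_ip: str
    dst_port: int

# Hypothetical policy: the mailer may reach only its own mail server on 25,
# the browser may reach any host on 80/443, nothing else may connect out.
POLICY = [
    Rule(r"c:\program files\mailer\mailer.exe", "192.0.2.25/32", 25),
    Rule(r"c:\program files\browser\browser.exe", "0.0.0.0/0", 80),
    Rule(r"c:\program files\browser\browser.exe", "0.0.0.0/0", 443),
]

def allowed(conn, policy=POLICY):
    """True only if program, destination and port all match a single rule."""
    prog = conn.program.lower()
    dst = ip_address(conn.dst_ip)
    return any(prog == r.program and conn.dst_port == r.port
               and dst in ip_network(r.network) for r in policy)

def violations(conns, policy=POLICY):
    """Return the connection attempts that match no rule."""
    return [c for c in conns if not allowed(c, policy)]

# Constructed outbound connection attempts; a port-only filter that permits
# 25 and 80 would pass every one of them.
SAMPLE = [
    Conn(r"C:\Program Files\Mailer\mailer.exe", "192.0.2.25", 25),      # mailer to own server
    Conn(r"C:\Program Files\Browser\browser.exe", "198.51.100.7", 80),  # ordinary browsing
    Conn(r"C:\Windows\Temp\update.exe", "198.51.100.9", 80),            # unknown program on port 80
    Conn(r"C:\Windows\Temp\update.exe", "203.0.113.5", 25),             # unknown program sending mail
    Conn(r"C:\Program Files\Browser\browser.exe", "203.0.113.5", 25),   # browser sending mail
    Conn(r"C:\Program Files\Mailer\mailer.exe", "203.0.113.5", 25),     # mailer to a foreign server
]

if __name__ == "__main__":
    for c in violations(SAMPLE):
        print("BLOCK", c.program, c.dst_ip, c.dst_port)
```

A path match alone does not cover a replaced or tampered copy of an allowed program, so per-application rules are normally paired with a check of the binary's hash.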

