Full Disclosure mailing list archives

Jefferson-Is this a known problem? Trojans?


From: "Francis, Justin" <francij () hastings-ent com>
Date: Tue, 30 Dec 2003 15:00:19 -0600

I haven't heard of this message before; however, many messages such as these have header info generated ("brand 
spoofing"), which varies the sender/subject lines from message to message.

The first thing I would do when my system boots back up is check Task Manager for currently running processes on the 
system.  Anything peculiar should be checked out.  You should also perform a port-scan, if you have the tools, to make 
sure there haven't been any ports opened up that are running an unwanted service.

There are tools, such as Ad-aware that can be used to scan for malware on your Windows system (www.ad-aware.com).  
Symantec and others are helpful, but only for known viruses.

Of course, the best cure is to not open emails from unexpected sources, but if you must, at least open them in "text 
only", as this may reduce the risk involved, especially if this becomes an ongoing problem.

If a re-install is needed, just be sure to start the firewall before attaching it to a network and make note of all the 
processes that run by default, so you will always know exactly what should be running on your system. One thing they 
teach you in SANS courses is that if you don't know what's running on your system and what your network and CPU load is 
on an average day . . . how will you ever know if your system's been breached?

--
jfshadow


Message: 1
Date: Mon, 29 Dec 2003 09:39:58 -0800 (PST)
From: Montana Tenor <montanatenor () yahoo com>
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Jefferson-Is this a known problem? Trojans?

Hello Everyone,

A friend of mine was opening an email in front of me
when her XP machine crashed.  I thought maybe it was a
power spike or something so she powered up and went
back to the email, clicked to view the message from
hotmail.com, the machine powered off again.  She
erased the message before I could forward it to an
offsite machine, but the details as I remember them
were:

Sender=Jefferson (she knows a Jefferson)
Subject=(blank)
Open the message and immediately powers off the
machine.

My question to you is, now that her machine is
possibly compromised, what tools can I use to check
for trojans or other things that could have been
installed?  I've run her Symantec System Scanning
tool, and it shows no known problems.  Has anyone
heard of this specific message, and is it simply
designed to be annoying or does it install malware on
the machine?  I know this information is vague; any
advice is welcome.

Kindest Regards,
Matt


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
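The triage Justin recommends above (know what runs by default, then look for new processes and newly opened ports) is easiest to do reliably as a baseline-and-diff rather than by eyeballing Task Manager. The script below is an added example, not code from either poster: it parses the output of `tasklist /fo csv` (XP Professional onward) and `netstat -ano` (the `-o` PID column arrived with XP), captured once on a known-clean machine and again on the suspect one, and reports image names, listening sockets and outbound connections that were not in the baseline. All sample command output is constructed for illustration; the process name, ports and addresses in it are made up.

```python
"""Baseline-and-diff host triage (added example, not from the thread).

Capture `tasklist /fo csv` and `netstat -ano` on a known-clean box,
keep that as the baseline, and diff it against the same commands run
on a suspect host.  All sample output below is constructed.
"""
import csv
import io

# Constructed: `tasklist /fo csv` from the clean baseline box.
BASELINE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"System","4","Console","0","212 K"
"smss.exe","376","Console","0","388 K"
"winlogon.exe","616","Console","0","4,112 K"
"services.exe","660","Console","0","3,344 K"
"lsass.exe","672","Console","0","1,208 K"
"svchost.exe","884","Console","0","4,812 K"
"explorer.exe","1288","Console","0","14,536 K"
"""

# Constructed: same command on the suspect host, with one extra image.
SUSPECT_TASKLIST = BASELINE_TASKLIST + '"msupdate.exe","1720","Console","0","2,480 K"\n'

# Constructed: `netstat -ano` from the clean baseline box.
BASELINE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    884
"""

# Constructed: suspect host adds a new listener and an outbound session.
SUSPECT_NETSTAT = BASELINE_NETSTAT + """\
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.5:1043       10.0.0.9:6667          ESTABLISHED     1720
"""


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}


def parse_netstat(text):
    """Parse `netstat -ano` rows into (proto, local_port, foreign, state, pid).

    TCP rows carry a State column and UDP rows do not, so the PID is read
    from the last field.  The port is split off after the last ':' so an
    IPv6 local address such as [::]:135 parses the same way.
    """
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header and blank lines
        port = int(f[1].rsplit(":", 1)[1])
        state = f[3] if f[0] == "TCP" else ""
        rows.append((f[0], port, f[2], state, int(f[-1])))
    return rows


def listeners(rows):
    """(proto, port) pairs that accept traffic: LISTENING TCP plus every bound UDP socket."""
    return {(p, port) for p, port, _, state, _ in rows if p == "UDP" or state == "LISTENING"}


def triage(baseline_tasklist, baseline_netstat, suspect_tasklist, suspect_netstat):
    """Diff the suspect host against the baseline and return the findings."""
    base_procs = parse_tasklist(baseline_tasklist)
    susp_procs = parse_tasklist(suspect_tasklist)
    susp_net = parse_netstat(suspect_netstat)
    known_names = set(base_procs.values())
    known_ports = listeners(parse_netstat(baseline_netstat))

    # Compare by image name, not PID: PIDs change on every boot.
    new_procs = sorted((pid, n) for pid, n in susp_procs.items() if n not in known_names)
    new_pids = {pid for pid, _ in new_procs}

    new_ports = sorted(
        (proto, port, pid, susp_procs.get(pid, "?"))
        for proto, port, _, state, pid in susp_net
        if (proto == "UDP" or state == "LISTENING") and (proto, port) not in known_ports
    )
    outbound = sorted(
        (foreign, pid, susp_procs.get(pid, "?"))
        for _, _, foreign, state, pid in susp_net
        if state == "ESTABLISHED" and pid in new_pids
    )
    return {"new_processes": new_procs, "new_listeners": new_ports,
            "connections_from_new_processes": outbound}


if __name__ == "__main__":
    report = triage(BASELINE_TASKLIST, BASELINE_NETSTAT, SUSPECT_TASKLIST, SUSPECT_NETSTAT)
    for key, findings in report.items():
        print(key)
        for item in findings:
            print("   ", *item)
```

Two caveats a practitioner would keep in mind. `tasklist` prints image names without paths, so a dropper that calls itself svchost.exe, or code injected into a legitimate process, passes a name diff; the new listener and the outbound connection it owns are what give it away in the sample above, which is why ports are diffed as well. And both tools ask the possibly compromised kernel what is running, so a rootkit can hide from them; a port scan from a second machine, as the reply suggests, cross-checks netstat from the outside.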

