Home page logo

basics logo Security Basics mailing list archives

Re: Proxy+ Trojan
From: "KoRe MeLtDoWn" <koremeltdown () hotmail com>
Date: Mon, 03 Feb 2003 23:47:48 +0000

The simple answer is find out how it was put on there, and block off that avenue. Then do a security audit on that machine... that Might go a long way to protecting you from this in the future. Though this all depends on weither the proxy was installed by a remote or local user.
More info please...


Hamish Stanaway

-= KoRe WoRkS =- Internet Security
Auckland, New Zealand


Is your box REALLY secure?

From: "Bill" <proftpd () anatek com>
To: <security-basics () securityfocus com>
Subject: Proxy+ Trojan
Date: Sat, 1 Feb 2003 00:33:48 -0600
MIME-Version: 1.0
Received: from outgoing3.securityfocus.com ([]) by mc6-f3.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 3 Feb 2003 11:22:56 -0800 Received: from lists.securityfocus.com (lists.securityfocus.com [])by outgoing3.securityfocus.com (Postfix) with QMQPid 8094FA30DE; Mon, 3 Feb 2003 11:49:43 -0700 (MST)
Received: (qmail 9098 invoked from network); 1 Feb 2003 06:33:06 -0000
X-Message-Info: dHZMQeBBv44lPE7o4B5bAg==
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
Message-ID: <057301c2c9bb$e211cd40$6501a8c0 () develop1>
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Return-Path: security-basics-return-17647-koremeltdown=hotmail.com () securityfocus com X-OriginalArrivalTime: 03 Feb 2003 19:22:56.0703 (UTC) FILETIME=[A7F4ECF0:01C2CBB9]

Someone installed Proxy+ on one of our servers (Win2K/IIS5) and left it open
on a high port for spammers.  I've shut it down, but how do I prevent them
from doing this again?

Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]