Subject:
From: David Gillett <[log in to unmask]>
Reply To: PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date: Wed, 23 Sep 1998 12:45:35 -0800

On 22 Sep 98 at 20:11, Alan Bentley wrote:

>   While talking to a friend of mine on ICQ, an odd event occurred
> that has him concerned that his computer may have been invaded
> (i.e. Backorifice, Netbus, or similar program).  What happened is
> this:  While typing a message to send,  extra sentences appeared
> at the bottom of what he was typing saying something to the effect
> that 'someone would be trying to get into his computer using
> Netbus, and that this was a friend trying to warn him'.  This
> actually appeared as he was typing the message.  At the same time
> there was other activity (empty ICQ boxes popping up, etc.) My
> friend exited ICQ and then restarted it.
>   Any explanations..??

  NetBus (and BackOrifice) can have the kind of effect you describe.

  Both of these programs provide extensive power to an outsider,
*provided* he can get them installed on your machine.  In an ideal
world, this would be difficult.
  The first difficulty, when the target is a dial-up user, would
normally be to determine when the target is actually connected to the
net.  ICQ, however, allows you to advertise your machine's
availability, so that's one hurdle down.  [Holly Lewis suggests that
you can configure ICQ to conceal your IP address, but the author of
NetBus also provides a utility for getting past that.]
  Having found that the target is connected, the attacker then has to
get the software onto the target PC and its installation routine
executed.  There's no way to turn off Microsoft's NetBIOS protocol in
Windows 95, and older versions do not warn about connecting to the
Internet while "File and Printer Sharing" is enabled.
  [An alternative approach is to bury the compromising code in some
sort of attractive download, which gets the victim to download and
run the program without knowing it.  This sort of distribution is
known as a "Trojan Horse".]

>   Are there any good programs that will detect an invasion...??

  I believe Norton AntiVirus can detect and remove BackOrifice.
NetBus is actually older, but I think less well-known.

  For those who have firewalls (or NT) to block unwanted network
traffic (an awful lot of which seems to be NetBIOS queries from Win9x
machines, which could be a useful way to find targets....), NetBus
attempts to connect to port 12345, and BackOrifice uses port 31337
(by default -- invader can change it).

David G

                                  -----
        **Need help with PCSOFT mailing list? Send an Email to:**
        Bob Wright<[log in to unmask]> or Drew Dunn<[log in to unmask]>
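
The port check mentioned in the message above, as an added example that is not part of the original post: it scans `netstat -an` output for local listeners on the two default ports the post names. The Windows-style output layout, the sample text and the function name `suspicious_listeners` are assumptions made for illustration.

```python
import re

# Default ports named in the post. The post notes the BackOrifice port can be
# changed, so an empty result does not prove the machine is clean.
DEFAULT_PORTS = {12345: "NetBus", 31337: "BackOrifice"}

# Constructed sample of Windows `netstat -an` output (not from the original post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1042        198.51.100.7:12345     ESTABLISHED
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    192.0.2.10:137         *:*
"""

# Proto, local address, local port, foreign address, optional state column.
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def suspicious_listeners(netstat_text, ports=DEFAULT_PORTS):
    """Return (name, proto, local_addr, port) for local listeners on watched ports."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        # TCP listeners carry the LISTENING state; bound UDP sockets show no state.
        listening = (state == "LISTENING") if proto == "TCP" else (state is None)
        # Only the local port matters: an outbound connection to a remote
        # port 12345 is not a listener on this machine.
        if listening and port in ports:
            findings.append((ports[port], proto, addr, port))
    return findings


if __name__ == "__main__":
    for name, proto, addr, port in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"{proto} listener on {addr}:{port} (default {name} port)")
```

Both ports are checked under TCP and UDP because the post does not say which protocol each program uses.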
