Pages

Thursday, February 19, 2009

Trojan. Dropper



Trojan. Droppers are trojans that instals in a system without the informing the user about their presence. Usually virus writers and hackers create trojan droppers to install other applications or placing the backdoor applications. It was discovered in february 2000. It is also known as virus.dropper. It affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP. However the threat level is low and can be easily removed.


However prevention will reduce the risk of infection. Some of the preventive measures are given below:




  • Use a firewall to block all the applications that are trying to connect the internet without your permission. This will reduce the risk even after the infection.


  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.


  • Isolate the infected computers quickly to prevent the trojan from spreading further. Perform a forensic analysis and restore the computers using trusted anti-trojan software.


  • Enforce a password policy. Complex passwords make it difficult to crack password files on infected computers. This helps to prevent or limit damage when a computer is infected.


  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.


  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available. I have put a post on disabling the autoplay in XP and vista earlier.


  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.


  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have less avenues of attack.


  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied. Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.


  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.


  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.


  • It is recommended to disable the system restore. You will get more information about enabling and diabling the system restore XP and other OS.


Disable or enable Windows Me System Restore



Disable or enable Windows XP System Restore



1 comment:

  1. Clean out those nasty little bugs.
    The antispyware solution from Orbasoft is one of the best scanners I’ve found so far to help me clean out those nasty little bugs that slows down my computer and causes it to freeze up or crash. It keeps my computer running like new and best of all it cost less than many of the other better known scanners that have been available for awhile now. I was glad that I finally found a scan that works and that’s so affordable. Orbasoft Antispyware is the best scanner I’ve used so far and you can find out more information by simply visiting http://orbasoft.com

    ReplyDelete