So I was still worried.Ī Trojan horse is a bit different from a virus, in that it can be disguised as something legitimate and attached to, say, an e-mail message. Although we use NAT for our internal desktops, there's always a way to bypass security. My fear was that a Trojan horse program was in the system and was allowing a third party to gain control. Next, I wanted to address the issue of the floating Windows NT mouse cursor. He told me that the password change was a legitimate one made by one of the Oracle administrators, who had forgotten to communicate it properly.Ĭool - that issue seemed to be resolved. Then I received a telephone call from the manager of engineering. I next had the administrator change all of the passwords on the system. I wouldn't immediately attribute such action to a hacker, but nevertheless, someone had started the ball rolling, and as the security manager, I had to run with it.Īs for that Oracle database, I immediately took an image of the system, using the Unix data dump utility to copy the entire file system to an external drive. The e-mail disclosed that the Oracle system passwords had been changed without authorization. So then I was concerned that the perpetrator might know that we were on to him and try to cover his tracks. Because of the way our environment is configured, there's a high likelihood that if there's a hack, an internal employee is responsible, rather than an inquisitive college kid. I made a mental note to tell the staff that in the future, if they suspect that a hacker has visited them, they shouldn't announce it to the entire company. How do you detect a Trojan horse program? The "Windows NT Intruder Detection Checklist" at the Web site of the CERT Coordination Center at Carnegie Mellon University is a good start.īeen hacked? CERT's "Steps for Recovering from a Unix or NT System Compromise" is a well-written checklist that shows how to recover. When the recipient executes it, the server installs itself and automatically notifies the hacker, who can gain access to the remote computer.įor more information on Back Orifice and other Trojan horse viruses, see this link at Symantec Corp.'s Web site. The hacker e-mails the server portion as a file attachment and renames it to something innocuous, such as orgchart.ppt. Trojan horse: A program hidden in a seemingly innocent executable file that, when launched, may destroy data, steal account information and allow a hacker to remotely control a system to launch attacks on other systems - all without the user's knowledge.īack Orifice: Advertised as a remote administration tool, this client/server utility functions as a Trojan horse.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |