How to stop trojans that has its own smtp engine?


  • How to stop trojans that has its own smtp engine?

    Hi everyone, I know not every anti-virus/anti-spyware software would catch everything. But I had an incident back in 2008 in which one of our computers got infected with a BOT virus, and I believe it had its own SMTP engine. Eventually I got it squared away, but the damage had been done. The company I worked for got blacklisted, so for a couple of days we were not able to send outgoing emails.

    My questions: is there any software that will search for BOT or Zombie computers on the network? Or how about web filter devices? I heard that if anyone uses the internet in our network it goes through the web filter first, and the web filter would screen URL addresses that have viruses, spyware, malware, etc. before they get into the computer. Is that true? Also, would the web filters block any trojans sending out mass emails through the internet?
    Last edited by Shazam; 28th March 2009, 02:57.

  • #2
    Re: How to stop trojans that has its own smtp engine?

    What about blocking port 25 for everyone except for the mailserver?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

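Added example, not part of the original thread: one way to look for the "zombie" machines asked about above is to scan firewall connection logs for any internal host other than the mail server that opens outbound connections to port 25. The internal range, the mail server address and the key=value log format below are assumptions made for this example, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed for this example: internal range, mail server address and log format.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.10.5")

# Constructed firewall log lines (key=value style), not taken from a real device.
SAMPLE_LOG = """\
09:00:01 action=allow proto=tcp src=192.168.10.5 dst=203.0.113.10 dport=25
09:00:02 action=allow proto=tcp src=192.168.10.42 dst=198.51.100.7 dport=25
09:00:02 action=allow proto=tcp src=192.168.10.42 dst=198.51.100.8 dport=25
09:00:03 action=allow proto=tcp src=192.168.10.42 dst=203.0.113.99 dport=25
09:00:04 action=allow proto=tcp src=192.168.10.17 dst=203.0.113.80 dport=80
09:00:05 action=deny proto=tcp src=192.168.10.60 dst=198.51.100.7 dport=25
09:00:06 action=allow proto=udp src=192.168.10.42 dst=198.51.100.53 dport=53
malformed line without fields
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"action", "proto", "src", "dst", "dport"}


def direct_smtp_hosts(log_text):
    """Return {internal host: {"allow": dsts, "deny": dsts}} for outbound
    tcp/25 attempts made by any internal host other than the mail server."""
    hits = defaultdict(lambda: {"allow": set(), "deny": set()})
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if not REQUIRED <= f.keys():
            continue  # skip lines that are not connection records
        if f["proto"] != "tcp" or f["dport"] != "25":
            continue
        if f["action"] not in ("allow", "deny"):
            continue
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
        except ValueError:
            continue  # unparsable address field
        # Only the mail server should talk SMTP to the outside world.
        if src in INTERNAL_NET and src != MAIL_SERVER and dst not in INTERNAL_NET:
            hits[str(src)][f["action"]].add(str(dst))
    return dict(hits)


if __name__ == "__main__":
    for host, seen in sorted(direct_smtp_hosts(SAMPLE_LOG).items()):
        # "allow" means mail left the network; "deny" means the egress rule held.
        print(host, "allowed:", len(seen["allow"]), "denied:", len(seen["deny"]))
```

A host that appears under "deny" was stopped by a port 25 egress rule but is still worth inspecting, since a workstation has no reason to attempt direct SMTP delivery.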


    • #3
      Re: How to stop trojans that has its own smtp engine?

      Originally posted by Dumber
      What about blocking port 25 for everyone except for the mailserver?
      Good idea, I'll google it. Do you recommend any links?



      • #4
        Re: How to stop trojans that has its own smtp engine?

        I don't know what firewall you are using but you should review your rulebase.
        Marcel
