F**cked by a Trojan….

No, this isn’t a safe sex message.

Last Friday, 2005-07-08, I tried to send an email out about our family’s “Secret Santa” draw. Imagine my surprise when one of the recipients bounced my message back with the following explanation.

XXXXXXXXX@team.telstra.com: host
mailbo.vtcif.telstra.com.au[202.12.144.19] said: 554 Service unavailable;
Client host [220.233.25.199] blocked using sbl-xbl.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=220.233.25.199 (in reply to RCPT TO
command)

( Recipient name sanitised for their protection )

So, I proceeded to check the URL listed above and found that I was listed for sending spam??? WTF!!!

I found out that I was in fact listed on 3 separate sites and that the cause seemed to be that a host with my IP address ( which is static ) had been caught sending spam.
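The lookup behind that bounce, as an added example that is not part of the original post: it pulls the blocked IP and list zone out of the rejection text, builds the DNSBL query name (reversed octets plus zone), and classifies the answer. The function names and the injectable `resolve` parameter are this example's own, and treating 127.255.255.0/24 answers as errors follows Spamhaus's published return codes rather than anything stated in the post.

```python
import ipaddress
import re
import socket

# Bounce text copied from the post (recipient already sanitised there).
BOUNCE = """\
XXXXXXXXX@team.telstra.com: host
mailbo.vtcif.telstra.com.au[202.12.144.19] said: 554 Service unavailable;
Client host [220.233.25.199] blocked using sbl-xbl.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=220.233.25.199 (in reply to RCPT TO
command)
"""

BLOCK_RE = re.compile(
    r"Client host \[([0-9.]+)\]\s+blocked using\s+([A-Za-z0-9.-]+)")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers in 127.255.255.0/24 are error codes, not listings.
SPAMHAUS_ERRORS = ipaddress.ip_network("127.255.255.0/24")


def parse_bounce(text):
    """Return (blocked_ip, dnsbl_zone) from a DNSBL rejection, else None."""
    m = BLOCK_RE.search(text)
    if not m:
        return None
    ip = ipaddress.IPv4Address(m.group(1))  # ValueError on a malformed IP
    return str(ip), m.group(2).rstrip(".").lower()


def dnsbl_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check(ip, zone, resolve=socket.gethostbyname):
    """Return 'listed', 'clean' or 'error' for one IP on one list."""
    try:
        answer = ipaddress.IPv4Address(resolve(dnsbl_name(ip, zone)))
    except socket.gaierror as e:
        # Only "name not found" means unlisted; timeouts etc. give no verdict.
        return "clean" if e.errno == socket.EAI_NONAME else "error"
    if answer not in LOOPBACK or answer in SPAMHAUS_ERRORS:
        return "error"           # hijacked/wildcard DNS or a refused query
    return "listed"


if __name__ == "__main__":
    ip, zone = parse_bounce(BOUNCE)
    print(ip, zone, dnsbl_name(ip, zone))
```

Running `check` for a static IP against each list on a schedule surfaces a listing before a recipient's bounce does.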

Incidentally, a few days earlier I had changed my antivirus software on my one and only Windows box to AVG from Grisoft and discovered a Trojan called Boxed.3.am; apparently this charming piece of code hijacks your box and turns it into a spambot.

Now, my network at home is protected by:

  • Hardware NAT appliance
  • Virus scanning by my mail server
  • Antivirus software on my Windows box

The Windows box in question uses Thunderbird and Firefox to avoid the dangers of Outlook and IE.

My wife, the primary user of the box, has heard ( and heeded ) my “Don’t open attachments” and “Don’t download programs” warnings.

Even with all these precautions, we’ve still been hit.

How are the “Joe Sixpack” users supposed to keep their machines Virus and Trojan free??

According to the article “12 Minutes to PC infection”, an unpatched machine connected to the internet has a 50% chance of being compromised in the first 12 minutes…

Scary thought.

For the folks at home:

  1. Use a firewall, preferably a dedicated device or machine
  2. Use antivirus and spyware tools
  3. Don’t use Outlook and IE
  4. Don’t open attachments (unless you REALLY have to)

Lately I’ve been getting three or four emails a day claiming to be from administrator, webmaster, postmaster, admin etc. from my domain (which I administer), saying that my account is invalid or some nonsense. In all cases they contain an attachment that I’m sure has a virus or trojan in it, so BE CAREFUL !!!


5 Responses to F**cked by a Trojan….

  1. Anonymous says:

    Fark me. I would have thought your network was harder to crack than Fort Worth on a Sunday.

  2. Alex says:

    Despite my excitement when I saw the title of this post, Dan had not engaged in the ancient Greek sex rituals I had envisaged.
    :-)

  3. David Smith says:

    Could someone list a few good and trusted blog sites?
