Targeted trojan attacks via Word flaw

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Please read on... Just wanted to let everyone know of this 'cool little tool (http://ipowl.com/). Ideas would be appreciated - eapr ----------------------------------------------------------------------- Posted via http://www.webservertalk.co ----------------------------------------------------------------------- View this thread: http://www.webservertalk.com/message1524923.htm Tag: Targeted trojan attacks via Word flaw Tag: 84705
  - 2
    - possible system intruder XP I was at work and checked my e-mail on my laptop there was a new mail message to me from my home computers hard drive (the home computer was on, no one was home) the subject line read short joke and the text of the message read check it out and it had half of my password, next there was a hyperlink to a site. I dont know where to start protecting Tag: Targeted trojan attacks via Word flaw Tag: 84704
  - 3
    - Windows applications aren't installing from Group Polcies? Hello: Just recently, I had setup another OU for computers, and I enabled loopback processing for machines. The machines are part of a SBS 2003 domain. All machine properly process the OU on the machine, but only install an application that I assigned (anti-virus), but they don't install other application, i.e., Outlook 2003 and Fax Transport Protocol. I don't see any suspect in the event logs, but the applications don't install anymore. Is there something different for machines when assigning applications? Thanks, --TJ Tag: Targeted trojan attacks via Word flaw Tag: 84701
  - 4
    - network with bandwidth problems need help please. Thanks for any help here, i have a network with 2 Server 2000 and 60 workstation, Windows 2000 and windows XP Pro. we are running a database called Visual Fox Pro 9.0 , we have security cameras that monitor 25 places on the building , now the way to display this cameras are over the TCP/IP , so we have a computer setup with LCD monitor to display this cameras not all of them only 6 , the computer works for a few days some times but some times the software for the cameras called "network viewer" does not respond, i called tech support for the product and they say is not their software , well i now is not the computer so , may be a Bandwidth problems We have 10/100 MB network. Have you guy seen a problem like this ??/.how can i test my network bandwidth, do i need to purchase a software, I really need help here I have never seen a problems with the bandwidth .. Thanks for any help here. Ronald M. Tag: Targeted trojan attacks via Word flaw Tag: 84697
  - 5
    - Windows Defender I can not get the Windows Defender application to successfully update ever. It says it is connecting to the internet to aquire new definitions but it always fails generating the following error message Defender was unable to complete the upload: 0x80072efd. I have followed the instructions provided by Microsoft to resolve the issue but the fix does not work any ideas? Tag: Targeted trojan attacks via Word flaw Tag: 84689
  - 6
    - Certificate problem with Windows Server 2003 Hi all, I'm trying to set up a RADIUS authentication method using 802.1x in a test lab, although I'm having a problem with certificates I wondered if anyone could help please. I have : an IAS (Internet Authentication Service) server, an IIS (web) server, a Domain Controller and a test client. All the above are Win Server 2003 except the client which is XP Pro, and are all in a test domain. My problem is that I don't want to use the Domain Controller as the Certification Authority, so I've installed CA on the web server, and given it relevant permissions. Now when I request a certificate for the computer account of the IAS server, I get the error "There are no trusted certification authorities available, You do not have permissions to request certificates from the available CAs, or the available CAs issue certificates to which you do not have permissions." The IAS server which I'm trying to request a certificate for has the Trusted Root Certificate from the CA server (the web server) in it's Trusted Root Certificates store. Now I'm logging in as an Enterprise Admin everytime I log in to any computer, so I wouldn't have thought its permissions. I'd be most grateful if anyone could help Tag: Targeted trojan attacks via Word flaw Tag: 84688
  - 7
    - Same name for workgroup and AD domain? We have some machines on our network that belong to a workgroup with the same name as our Windows AD domain. Are there any security issues that may affect our domain controllers if a workgroup with the same domain name exists? Thanks, Kurt Tag: Targeted trojan attacks via Word flaw Tag: 84685
  - 8
    - Its all about my Antivirus Well it seem that my antivirus is responsible for blocking the windows of gathering my IP Address.... The story goes by installing SP2 of winXP.... When I havent yet installed my antivirus the windows and my lancard successfully gathers my IP address but when I installed my antivirus software the problem goes.. First I thought that the problem is my Lan Card but by doing a little experiment I figure out who the real problem or what is causing this problem.... Im using a Panda Internet Security 2005 as an AntiVirus Software.. My question is what should I do??? Should I replace my current antivirus or is there another step in solving this problem of mine.... I hope answering this question should help me and others who are experiencing the same type of scenario.... Thanks Tag: Targeted trojan attacks via Word flaw Tag: 84684
  - 9
    - MS03-033 Hi, nach der Installation des Patches (http://support.microsoft.com/kb/823718/de) per SUS, erscheint nach jedem Neustart des Rechners erneut die Aufforderung, dass der Patch installiert werden soll. System: Windows XP Prof. SP1 Wei=DF jemand Rat? Tag: Targeted trojan attacks via Word flaw Tag: 84680
  - 10
    - MS Antispyware Leftovers Hi All, Is MS Antispyware and Windows Defender two separate applications so that the newer version does not depend on any files from the older version. I have a folder and several subfolders for MS Antispyware still listed in my program files folder after upgrading to Windows Defender. Can it and all references to it be deleted? Defender seems to be working fine and I didn't want to mess up anything by deleting something it depends on in MS Antispyware. TIA Ron Bee Tag: Targeted trojan attacks via Word flaw Tag: 84668
  - 11
    - Encryption for Powerpoint? Hi, Caveat: I have no idea how this cool stuff works. I have MS Powerpoint presentations I want to have someone show for me in my absence. However, I'm not willing to share! I can convert the PP into a .exe file, so my specific needs are: 1. Seperate user and administrator passwords 2. User password is only good for 1-2 file showings 3. File becomes unusable after a set amount of time. Any suggestions? Thanks, CR Tag: Targeted trojan attacks via Word flaw Tag: 84659
  - 12
    - DNS security question Hi, Is it considered a good security practice to not allow DCs making direct DNS requests to Internet? I have read about different DNS responses attacks that can help an attacker to take control of the DC via an incorrect DNS response (buffer overflow etc.). Would it be more secure to use DNS forwarders? If yes, where we should place them? Into DMZ? Thank you Tag: Targeted trojan attacks via Word flaw Tag: 84658
  - 13
    - IPSEC and ICMP I have a GPO that implements the Server (Request Security) IPSEC setting. Pretty much everything works except PING. When I try to PING from one server to the another, I get the 'Request Timed Out' message. My understanding is that this policy has a setting that allows ICMP packets to be sent unsecured so I don't understand why the PING is failing. TIA Tag: Targeted trojan attacks via Word flaw Tag: 84652
  - 14
    - Constant Ping From Domain Controller I help administer a small network with 3 windows 2003 domain controllers, each in a different subnet connected by T1 frame relay. The problem I am seeing is there is a constant ping from the Master Domain controller in the main office too the other domain controllers in the two remote offices. I have gone through the task manager and cannot locate what may be the source of these pings. Does anyone know if this is part of the 2003 active directory sync or keepalive? The pings have me worried there may be something on the server. Any help or direction provided will be greatly appreciated. Tag: Targeted trojan attacks via Word flaw Tag: 84650
  - 15
    - CryptoAPI CSP Availability I recently set up a new system with WinXP Pro SP2 and discovered that algorithms under Outlook didn't include SHA1 or 3DES... which I'm required to use under for a customer. I'm pretty sure the set of suported algorithms is from the CryptoAPI, and so the theory is that I can install additional CSPs. I recall doing this under prior versions of Windows with the "High Encryption Pack". However, I can't seem to find any MS download or product that will do this for XP. I found a list of the MS CSPs defined for the CryptoAPI at the following: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/microsoft_cryptographic_service_providers.asp Any suggestions or pointers? Chris B. sends/ Tag: Targeted trojan attacks via Word flaw Tag: 84644
  - 16
    - Record of when last login occurred on an XP workstation I have a computer in our office that was already logged in when the user came in. I am trying to find out when the computer was logged ini to see if someone was using it at night to read the person's email. Does anyone know where I can find a log of when it was logged in last? Tag: Targeted trojan attacks via Word flaw Tag: 84643
  - 17
    - In windows domain,if 'domain user' group has been remove from the what is the impact? Tag: Targeted trojan attacks via Word flaw Tag: 84637
  - 18
    - SMAC 2.0 MAC Address Changer is released! =============================== SMAC 2.0 - MAC Address Spoofer =============================== SMAC 2.0 URL: http://www.klcconsulting.net/smac SMAC 2.0 is released! SMAC is a powerful, yet an easy-to-use and intuitive Windows MAC Address Changer which allows users to spoof MAC address for almost any Network Interface Cards (NIC) on the Windows 2000, XP, and 2003 Server systems, regardless of whether the manufacturers allow this option or not. ================== SMAC 2.0 Features: ================== - Change MAC Address with 3 clicks: --- Click to select a network adapter --- Click "Random" to generate a MAC Address to spoof --- Click "Update MAC" to change and activate new MAC Address - Protect your personal privacy by hiding the real MAC Address of your Network Adapters - Easy, intuitive, and user-friendly GUI for viewing and changing MAC addresses - Allow users the option to set the network adapter to automatically restart after MAC Address spoofing, or manually restart - Displays the following information of your Network Interface Card (NIC) o Device ID o Active Status o NIC description o NIC Manufacturer o Spoofed status (Yes/No) o IP Address o Active MAC addresses o Spoofed MAC Address o NIC Hardware ID o NIC Configuration ID - Displays the Network Adapter manufacturer associated with the New Spoofed MAC Address - Allow users to generate random MAC Addresses for spoofing - Allow users the option to display detailed information of all available adapters, or ONLY the active network adapters - Allow users to display Network and IP Configuration (IPConfig) information with 1 button click - Allow users to view up to 10 Most Recently Used (MRU) MAC Addresses and select a new Spoofed MAC Address directly from the MRU list - Allow users to load a MAC Address List and choose New Spoofed MAC Address directly from the list (Professional Edition only) - Allow users to create comprehensive reports on Network Adapter details (Professional Edition only) - Built-in logging capability allows users to track MAC address change activities (Professional Edition has the option to turn-on or turn-off this option) - Remove spoofed MAC Address to restore original MAC Address SMAC URL: http://www.klcconsulting.net/smac ====================== Why use SMAC? ====================== -Protect Personal and Individual Privacy by cloning a different MAC Address. Many organizations track wired or wireless network users via their MAC Addresses... In addition, there are more and more wifi Wireless connections available these days, and Wireless network is all based on the MAC Addresses, therefore, wireless network security and privacy is all about MAC Addresses! -Perform Security Vulnerability Testing. Penetration Testing on MAC Address based Authentication and Authorization Systems, i.e. Wireless Access Points. (Disclaimer: Authorization to perform these tests must be obtained from the system owner(s).) -Build "TRUE" Stand-by (offline) systems with the EXACTLY THE SAME ComputerName, IP, and MAC ADDRESSES as the Primary Systems. If Stand-by systems should be put online, NO ARP table refresh is necessary, which eliminates any possible ARP related issues that could cause extra downtime. -Some online Game Players (Gamers) require changing the MAC addresses to fix IP problems for some reasons... -Build High-Availability solutions. For example, some firewalls that run on multi-port NIC's (i.e. quad port NIC) require the same MAC address for every port to achieve fail-over. -Troubleshoot Network problems. ARP Tables, Routering, Switching, ... -Troubleshoot system problems -Test network management tools -Test incident response procedures on simulated network problems -Test Intrusion Detection Systems (IDS), whether they are Host and Network Based IDS. -If for whatever reason you need to keep the same MAC address as your old NIC, but your old NIC failed... -Some software can ONLY be installed and run on the systems with pre-defined MAC address in the license file. If you need to install one of these software to another system with a different Network Interface Card (NIC) because your system or NIC is broken, SMAC will come handy. However, you are responsible to comply with the software vendor's licensing agreement. -Some Cable Modem ISP's assign users the IP addresses base on the PC's MAC addresses. For whatever reason, if you need to swap 2 PC's regularly to connect to the cable modem, it would be a lot easier to change the MAC addresses rather than to change Network Interface Card (NIC). (You need to check with your ISP and make sure you are not violating any service agreements.) ==================== SMAC URL: http://www.klcconsulting.net/smac Tag: Targeted trojan attacks via Word flaw Tag: 84616
  - 19
    - Publishing a Certificate Authority Enrollment site using SSL + ISA 2004 Hi. I am trying to publish a CA enrollment web site to external users using SSL and ISA 2004. I know that my site can be access through the internet if I just use HTTP, but I need to secure my site. Is there something I can look at to help me in this? TIA Tag: Targeted trojan attacks via Word flaw Tag: 84615
  - 20
    - NO_CLIENT_SITE I recently started having problems with one of my servers. It keeps recording the error message NO_CLIENT_SITE in netlogon.log. The funny thing is the IP address is the machine's PUBLIC IP address, not it's private address. The machine itself has been assigned a private IP address (NAT is done in the router). The machine is on a seperate subnet from my DCs, but the subnets are routed appropriately. I can ping my internal servers IP and I can trace directly to my internal servers. Any ideas? Tag: Targeted trojan attacks via Word flaw Tag: 84610
  - 21
    - Windows Defender (Beta 2): Definitions Update Problem Hi, I am using Windows Defender (Beta 2) and when I open it I see following message on home screen. â??Your definitions havenâ??t been updated in 16 days. Definitions allow Windows Defender to detect the latest harmful or unwanted software and prevent it from running on your computer.â?? There is a button in front of message â??Check Nowâ?? and I always click it. The software connects to Microsoft site and after some time displays that the definitions are updated. But I keep getting the same message. I am facing this for last 3 days and the day count started with 14. Kindly suggest a solution Thanks and Regards Vishal Kaushik Tag: Targeted trojan attacks via Word flaw Tag: 84609
  - 22
    - Failure Audits in Security Log I'm getting the following warning every 2 minutes in the security log on my W2000 DC. I'm pretty sure the warning is being generated by a connection on of my users is making to a remote server to access email for another company he works for. How can I get this warning to stop? I currently have GP set to audit account logon events pass/failure and audit logon events pass/failure (I'd like to keep these settings if possible). Here is the warning message being generated: Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 676 Date: 5/18/2006 Time: 11:04:25 AM User: NT AUTHORITY\SYSTEM Computer: (SERVER NAME) Description: Authentication Ticket Request Failed: User Name: username@remotedomain.com Supplied Realm Name: OUR DOMAIN.COM Service Name: krbtgt/OUR DOMAIN.COM Ticket Options: 0x40810010 Failure Code: 0x6 Client Address: 192.168.221.17 Tag: Targeted trojan attacks via Word flaw Tag: 84601
  - 23
    - Remote User "Quarantine" and access control I was at a Microsoft seminar a year or two ago that covered laptop or remote user access security and how Windows Server and other Micorosoft technologies could be used to control remote user access to business LAN. They talked about being able to set up VPN access to LAN and being able to scan remote user laptop/desktop to verify whether it's patches and updates were up to date and if they were the remote user was allowed into LAN if if they were not up to date then the remote user was "quarantined" and not allowed access to the LAN until it was updated and then allowed into LAN. What is required to do this and is there any documentation on how to set this up? Thanks, Jose Tag: Targeted trojan attacks via Word flaw Tag: 84600
  - 24
    - Set DCOM Permissions via Command Line Hi all ... I'm wonderring if anyone has any idea about how to (or if possible) set DCOM permissions via command line? I'm trying to script some permissions set up for new server Win 2003 OS installs and haven't had much luck finding a possible solution. Any help would be greatly appreciated. Thanks. Tag: Targeted trojan attacks via Word flaw Tag: 84598
  - 25
    - "Run AS" but with restrictions Hi there, I am playing around with the "Run As" option for allowing my "limited users" access to applications that require privileges of an admin. Instead of giving them the actual Administrator password, ive created another admin "BF2" user so they can use those credentials. What I am trying to do is: Restrict the local user down to a couple applications that he can use the "run as" command on as the "BF2" user, but I can still be able to use the run as option on all applications as the "administrator" user (for when I need to run admin programs) Ill give you an example... Local User (with limited privs) called JoeBlog Administrator User used for running programs called BF2 And local administrator is Administrator. Ok, so JoeBlog wants to play Battlefield2 (for instance) but punkbuster requires the program be run with admin provileges, so Ive created a BF2 user and added it to the administrator group, and they can now run BattleField 2 as the BF2 user and all is good. I have disabled the ability to log in (to the desktop) on the BF2 user, but I would like to restrict the "Run As BF2 user" down to just the Battlefield executable and nothing else. But still be able to "Run As Administrator" on everything else (for my management). Does anyone know of a way to lock this down? Would it be something that needs to be set on JoeBlog's account or the BF2 account? I can disable the Run As command all together but then I lose the option to run Battlefield as an admin user... Cheers :) Spyro Tag: Targeted trojan attacks via Word flaw Tag: 84589
- Next
  - 1
    - Flaws In XP Hi, can any one tell me why business or comapnies dnt use(or not that much) Windows XP as part of their server. Is there is any security issues, or are there some other flaws ? Thanks Tag: Targeted trojan attacks via Word flaw Tag: 84576
  - 2
    - Cable ISP Hi, I'm getting cable internet access for one home computer. Will the XP Firewall be sufficient? Do i need a router for security purposes? I currently have random IP with dial-up. Is the IP static with cable? What other security issues should i be concerned about? Thanks in advance :) Tag: Targeted trojan attacks via Word flaw Tag: 84575
  - 3
    - IPsec Over Tunnel I am trying to encrypt my wireless traffic with IPsec. My configuration is as follows: OpenBSD 3.8 gateway (192.168.100.20) connected to Linksys accesspoint via crossover cable. Macintosh OS X 10.4 (192.168.100.200) AirPort Windows XP SP2 (192.168.100.120) Intel PRO/Wireless 2200BG I am using isakmpd on the OpenBSD computer, racoon on OS X and ipseccmd on Windows. If I configure transport policies the setup works correctly. However, if I use tunnel, the Macintosh works correctly, but the Windows computer does not. Below are the ipseccmd commands I am using for Windows. Transport mode: ipseccmd -u ipseccmd -f 192.168.100.120=192.168.100.0/255.255.255.0 -n ESP[3DES,MD5]1800s -a cert:"C=US, S=Missouri, L=Saint Louis, O=Home LAN" -1s 3DES-SHA-2 -1k 1800s ipseccmd -f 192.168.100.0/255.255.255.0=192.168.100.120 -n ESP[3DES,MD5]1800s -a cert:"C=US, S=Missouri, L=Saint Louis, O=Home LAN" -1s 3DES-SHA-2 -1k 1800s After executing these commands, I can ping 192.168.100.20. After several "Negotiating IP Security" messages, I receive replies from the remote computer. I can ping from the OpenBSD computer to the Windows computer as well. Tunnel mode: ipseccmd -u ipseccmd -f 192.168.100.120=0.0.0.0/0.0.0.0 -t 192.168.100.20 -n ESP[3DES,SHA]1800s -a cert:"C=US, S=Missouri, L=Saint Louis, O=Home LAN" -1s 3DES-SHA-2 -1k 1800s ipseccmd -f 0.0.0.0/0.0.0.0=192.168.100.120 -t 192.168.100.120 -n ESP[3DES,SHA]1800s -a cert:"C=US, S=Missouri, L=Saint Louis, O=Home LAN" -1s 3DES-SHA-2 -1k 1800s After executing these commands and pinging 192.168.100.20 I receive several "Negotiating IP Security" messages again. However, instead of receiving replies, I now get "Request timed out". If I examine the Oakley.log file, I can see that SA is successfuly netotiated. I would expect that if firewalls or some other ICMP block was in place, that it would affect both transport and tunnel mode. Any suggestions? thanks, Michael Tag: Targeted trojan attacks via Word flaw Tag: 84562
  - 4
    - Printers dont assign after GPO Security changes... Hi guys, Got a bit of a complicated one so put your thinking caps on. We've gone through recently and tightened down our Win2k3 domain (with only WinXP clients) using Group Policy. Since we have made some changes, most of which are recommended or required, clients are no longer having their printers mapped via logon script. These are the Security GPO changes made: - Domain controller: LDAP server signing requirements (Require signing ) - Domain member: Digitally encrypt or sign secure channel data (always) (Enabled) - Domain member: Require strong (Windows 2000 or later) session key (Enabled) - Network access: Allow anonymous SID/Name translation (Disabled) - Network access: Do not allow anonymous enumeration of SAM accounts (Enabled) - Network access: Do not allow anonymous enumeration of SAM accounts and shares (Enabled) - Network access: Let Everyone permissions apply to anonymous users (Disabled) As for the printers users were getting their access via the EVERYONE group. I have confirmed that as far as the Printer groups go, everyone is a member of their associated groups. The logon script says that if you are a member of that group, then map that specific printer. Since the groups arent assigned to the printers, they were naturally getting their access (previously) via the EVERYONE group. Since the above security changes, users seem to have lost their access to the EVERYONE group and the logon script is no longer installing the printers for them. I can confirm that the logon script has not changed since no one here knows VB :o) It was definitely one of the above changes. Can anyone think of which one? Thankyou Hutchy Tag: Targeted trojan attacks via Word flaw Tag: 84561
  - 5
    - Backup utility I would like to use the Backup Utility in Windows XP Home. It is not preinstalled and does not appear to be included in the Installation Disc provided by Dell along with my computer. I have tried emailing Dell but each reply sends me round in circles from one "support" site to another. Can anyone tell me how I can download Backup............please? Tag: Targeted trojan attacks via Word flaw Tag: 84557
  - 6
    - Microsoft Certification Authority Hi All, Just curious about something in the Microsoft Certification authority; I have a number of issued certificates that are expired or are nearing expiration, is it possible to renew the issued certificates (and how do i go about doing this? Any good articles/walkthroughs?). What I want to avoid is having to reissue the certificates to each of the clients. Is this possible? or will I have to generate new certificates and distribute them to my end users again? TIA J Brown Tag: Targeted trojan attacks via Word flaw Tag: 84552
  - 7
    - Networking problem I have set up a home network between my main comp and my laptop but my laptop is saying I do not have permission to view my network path...anyone know how to alter this? -- CJB Tag: Targeted trojan attacks via Word flaw Tag: 84537
  - 8
    - systemprocess locks port 21 Hi, everyone, I have to following problem: After starting the remotedesktopserver on an win2000-system the port 21 ist locked by process System:8 (found with tcpview.) The IIS runs on that machine, but the FTP-component is not installed. There is no suspicious process (other then windows) running, there is no traffic on port 21 and a telnet-login on port 21 is not possible. Any idea? Thanks in progress. Tag: Targeted trojan attacks via Word flaw Tag: 84535
  - 9
    - Security feature in Microsoft's new Windows (Vista) could drive users nuts "SEATTLE - An annoying surprise awaits 2 million consumers expected to enthusiastically step forward in the next few weeks to help Microsoft test its new Windows Vista PC operating system. Volunteers will test Vista Beta 2, a near-final version of the much-hyped upgrade of Windows. The testing is the last step leading up to Vista's broad consumer release, scheduled for January. Beta 2 testers can expect to encounter an obtrusive security feature, called User Account Control (UAC). Designed to prevent intruders from performing harmful tasks, the feature grays out the computer screen, then prods you to confirm that you really want to do certain functions. In early test versions, the queries crop up so often that they interrupt routine tasks, such as changing the time clock or deleting shortcuts. And UAC sometimes triggers an endless loop of dialogue boxes that can be curtailed only by rebooting, says Paul Thurrott, news editor of Windows IT Pro magazine." http://www.usatoday.com/tech/products/2006-05-15-vista-security_x.htm?csp=34 -- Imhotep Tag: Targeted trojan attacks via Word flaw Tag: 84526
  - 10
    - SBS FTP service getting slammed. We have a low IT budget. I am using FTP to backup remote computers. Someone discovered my FTP service was opened and has been hitting me with 10's of thousands break-in attempts. Usually trying the administrator user. They will probably not figure out the user name, because I have changed the admin username, but it is almost everyday. Yesterday they tried the username of "Julian" Go figure. The police here won't do anything. Neither will my ISP. Any ideas? Thanks! Tag: Targeted trojan attacks via Word flaw Tag: 84512
  - 11
    - server 2000 i think some one is connecting...help..please thanks. Hi, every one, thanks for any help in advance, I have windows 2000 server, with a Juniper hardware firewall, for some reason on the last 2 weeks very strange thing has been happening, some user passwords has been changed, some new user has been created, I would like to know what kind of software I can use to protect and monitor my server for this kind of attacks. Thanks for any help here. R.M> Tag: Targeted trojan attacks via Word flaw Tag: 84506
  - 12
    - Cannot login to Administrative Shares but can enumerate Hi: wk3 with xp2 clients. I can enumerate the administrative shares on all machines by giving my admin credentials. But when I try to login through \\machinename\c$, my password is not accepted. What might be the issue here? Tag: Targeted trojan attacks via Word flaw Tag: 84504
  - 13
    - File permissions screwed up Hello all, I copied a data structure from folder on my server to another, using the xcopy /t command. Example "xcopy /t c:\data c:\share". Now it seems that whenever I try to assign permissions to those folders (c:\share), it tells me "access is denied". I'm trying to assign 3 different user groups access to the folder. 2 user groups need Full Access, the last group is read-only. As long as I'm the administrator on the server, I can create a file within the folder. Once I go to the workstation, no joy. Even if I sign on as Administrator, I can't create a file on that directory. It's like it killed all network access to the folder. Any ideas would be greatly appreciated... Tag: Targeted trojan attacks via Word flaw Tag: 84502
  - 14
    - Remote Windows User List Disclosure Vulnerability Hi everybody, We use a tool that audit our servers in order to avoid vulnerabilities.I=B4ve a DC w2003 with the following vulnerability: Remote Windows User List Disclosure Vulnerability. That means that a null session connection to the IPC$ share was successful and NetBIOS access can be obtained with any authenticated account on that host. Therefore unauthorized users can steal the remote user list. This kind of attack is commonly exploited by users with weak passwords, such as the GUEST account. Microsoft has published this article: http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;246261 The values for w2000 and w2003 are different. I=B4ve read that in w2003 in order to restrict anonymous you can only use 0 for disable and 1 for enable it. Meanwhile, in windows 2000 you have one more possible value, 2. Anyway, I=B4ve try to set it to 1 or 2 without success. I=B4ve also disabled the posibility of enumerate sam accounts and shares trought the domain controller security policy. After restarting the server I obtain again the vulnerability in that server. Any idea about this issue? Your help would be much appreciated, Regards. Victor Fdez-Pe=F1aranda Tag: Targeted trojan attacks via Word flaw Tag: 84501
  - 15
    - Assign PID can i assign a PID to a process? Thank you Tag: Targeted trojan attacks via Word flaw Tag: 84499
  - 16
    - signcode via proxy is there a way to get signcode go thru a proxy ? Tag: Targeted trojan attacks via Word flaw Tag: 84495
  - 17
    - Wield the Shield: How Trustworthy Is Your OS? "Trusted operating systems have been used for some time to lock down the most sensitive of information in the most sensitive of organizations. But with security concerns rising and changing by the hour, it's now a matter of trust for any organization looking to tighten its computing ship." http://www.eweek.com/article2/0,1895,1961947,00.asp Im Tag: Targeted trojan attacks via Word flaw Tag: 84490
  - 18
    - Use of CCleaner - I was recommended the use of CCleaner as a fine way to clean my computer. This is clearly a thorough tool - in fact so throrough that my bank account portal has erased all links to my other banks accounts. (I have a prgram supplied by my Credit card co which allows me to link to all my other bank accounts (i.e. retails the passwords etc.)). Which option on CCleaner do I disapply to allow my computer to retain these deatils on my PC? I don't really want to insert multiple details every time I wish to view my finances. Can anyone assist please? Tag: Targeted trojan attacks via Word flaw Tag: 84481
  - 19
    - netstat showing too many connections LISTENING When I run "netstat -a" on my server, it shows lots of open connections (like EM_SVR1.co_name.com:0) in the LISTENING state. These connections seem to stay open, and keeps increasing over time, and the application soon fails because it cannot get any more ports! After a couple of days, I have pages and pages of this listing. Just typing netstat or using gui tools such as tcpview does not show all these connections. I need to figure out how to make sure these connections eventually go away, and the application does not fail. The PID of these connections show that it is my application that owns/initiated the connections. Any help or pointers is greatly appreciated. Thanks. ----------- netstat -a output --------------------- Active Connections Proto Local Address Foreign Address State TCP EM_SVR1:ftp EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:smtp EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:http EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:epmap EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:https EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:microsoft-ds EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:1025 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:1027 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:1044 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:1047 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:1051 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:1098 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:1099 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:2967 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:3389 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:3528 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:4444 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:4445 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:5800 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:5900 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:6050 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:8009 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:8083 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:41523 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:netbios-ssn EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:3528 EM_SVR1.co_name.com:4120 ESTABLISHED TCP EM_SVR1:4120 EM_SVR1.co_name.com:3528 ESTABLISHED TCP EM_SVR1:netbios-ssn EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:3389 10.10.200.1:63571 ESTABLISHED TCP EM_SVR1:4326 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4369 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4515 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4516 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4517 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4518 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4519 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4537 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4552 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4553 phxemwddev001.co_name.com:ms-sql-s ESTABLISHED TCP EM_SVR1:4561 phxemwiprod001.co_name.com:epmap ESTABLISHED TCP EM_SVR1:4562 phxemwiprod001.co_name.com:1025 ESTABLISHED TCP EM_SVR1:14147 EM_SVR1.co_name.com:0 LISTENING TCP EM_SVR1:http EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:epmap EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:https EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:microsoft-ds EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:1025 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:1027 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:1044 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:1047 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:1051 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:1098 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:1099 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:3528 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4120 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4121 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4122 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4128 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4132 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4137 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4140 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4141 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4142 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4143 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4144 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4145 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4146 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4147 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4148 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4152 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4160 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4167 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4177 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4191 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4192 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4193 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4196 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4199 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4200 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4202 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4203 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4204 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4205 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4208 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4220 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4246 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4247 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4291 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4296 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4297 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4298 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4299 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4301 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4302 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4303 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4306 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4313 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4326 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4327 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4341 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4344 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4346 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4348 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4352 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4354 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4364 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4365 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4366 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4367 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4368 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4369 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4370 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4380 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4404 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4433 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4434 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4435 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4438 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4441 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4442 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4443 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4444 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4445 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4446 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4447 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4450 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4484 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4485 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4491 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4492 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4493 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4502 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4515 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4516 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4517 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4518 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4519 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4520 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4523 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4524 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4526 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4528 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4537 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4540 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4552 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4553 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4554 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:4673 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:8009 EM_SVR1.co_name.com:0 LISTENING 0 TCP EM_SVR1:8083 EM_SVR1.co_name.com:0 LISTENING 0 UDP EM_SVR1:isakmp *:* UDP EM_SVR1:1035 *:* UDP EM_SVR1:2148 *:* UDP EM_SVR1:2799 *:* UDP EM_SVR1:3105 *:* UDP EM_SVR1:3456 *:* UDP EM_SVR1:3550 *:* UDP EM_SVR1:4500 *:* UDP EM_SVR1:6050 *:* UDP EM_SVR1:41524 *:* UDP EM_SVR1:ntp *:* UDP EM_SVR1:netbios-ns *:* UDP EM_SVR1:netbios-dgm *:* UDP EM_SVR1:ntp *:* UDP EM_SVR1:netbios-ns *:* UDP EM_SVR1:netbios-dgm *:* UDP EM_SVR1:ntp *:* UDP EM_SVR1:1028 *:* UDP EM_SVR1:1062 *:* UDP EM_SVR1:3456 *:* UDP EM_SVR1:4072 *:* UDP EM_SVR1:ntp *:* UDP EM_SVR1:ntp *:* Tag: Targeted trojan attacks via Word flaw Tag: 84474
  - 20
    - Take Ownership of Multiple files at once Hello- We just installed a new server and on the old server we had a directory of photos that only two users had access to, myself (admin) and our lab tech. These permissions were assigned via NTFS. Now that I have put the drive in the new server it is not allowing me to do anything with the files as no one on this local computer has any security permissions for it. I can manually take ownership of folders and files with the admin rights I have on the server but there are over 450 photos in there and it would seem rediculous to have to do them individually. I have gone into the security/advanced tab of the parent folder and trield clicking the check box to "Replace permissions entries on all child objercts with entries shown here that apply to child objects" but it wont let me because there are no rights to the photos so it says access is denied. Is there any way I can take ownership of all of those files all at once in order to reassign proper permissions? I tried the obvious of selecting them all and going to the security tab but that is not available for muliple selected objects it states. Thanks in advance for any assistance! Tag: Targeted trojan attacks via Word flaw Tag: 84472
  - 21
    - IPSec client for Windows Mobile 2003 Hi all, seems a silly question, but I can't find the answer inside microsoft.com site : does a IPSec client exists for Windows Mobile 2003 ?? Any URL pointing to information on it will be welcome !! Thanks in advance Tag: Targeted trojan attacks via Word flaw Tag: 84470
  - 22
    - Windows Defender When running the install after the defender download I get the following message - path c:\\windows\downloaded installations\(0F5BF410-4D79-4DBE-AF54-C3271D47D4BD)\microsoft antispyware.msi cannot be found. Verify you have access to the location and try again or try to find the installation package microsoft antispyware.mist in a folder from which you can install the product. I posted the download on my desk top and ran the installation. Got the above message. Downloaded the program into temporary folder and got the same message. Help. Tag: Targeted trojan attacks via Word flaw Tag: 84467
  - 23
    - searching in cells I was trying to search for a number (200310005 - formated as text) in a cell in an Excel spreadsheet. I do this from "My Computer" (searching content) but the search fails to produce the correct document even when the search string is in the excel sheet. I've checked the formating of the cell (text). I've exported the excel sheet to text and imported it to a new file - doing the search again. It fails again. Formated as text or not. Any suggestions on what's going on here? (Excel 2000) Martin S Tag: Targeted trojan attacks via Word flaw Tag: 84457
  - 24
    - MS CryptoAPI: HMAC using PLAINTEXTKEYBLOB Hi, all! I want to create a program using CryptoAPI which calculates HMAC-SHA1 using a key specified by PLAINTEXTKEYBLOB. I have a 20-byte key for HMAC-SHA1 and want to use it. How should I do? Should I import the key by CryptImportKey()? But I have to specify an encryption key algorithm and I donno which algorithm I should use. Your kind help is welcomed. Tag: Targeted trojan attacks via Word flaw Tag: 84456
  - 25
    - Windows firewall Can anyone tell me why when i connect to the net my windows firewall switches off? i switch it on but afer a while it will switch itself off again? i have done a anti-virus scan and windows defender scan not bugs found, help please Tag: Targeted trojan attacks via Word flaw Tag: 84440

"A U.S. company is among the apparently small number of victims specifically
targeted by a malicious group using a previously unknown vulnerability in
Microsoft Word."

http://www.securityfocus.com/brief/213

Imhotep

Top