
Unexpected guests


In the issue Come on in—the door’s open, we emphasised that your computer system should include no unused services. Today we’re drawing our readers' attention to the fact that access to essential services should be controlled.

Trojan.PWS.Siggen1.57790 (a.k.a. Trojan.sysscan) makes use of RDP to infect target machines.

RDP (Remote Desktop Protocol) facilitates remote user access to a server on which a terminal service is up and running.

To exploit this, attackers scan for network hosts on which the service is reachable (they may even use the search engine https://www.shodan.io/, which we discussed in one of our previous issues) and then mount brute-force attacks against those hosts in an attempt to guess the password.

Trojan.PWS.Siggen1.57790 can steal passwords used to access all kinds of services, applications, databases, and PoS software, as well as banking, taxation, and bookmaker sites.

Trojan.PWS.Siggen1.57790 tries to determine whether it is being run in a sandbox and creates a hidden account in the infected system, perhaps so that attackers can use it to access the machine remotely.

An open door for “honest folks”… Thieves won't have to break through it, and it will linger in your memory after you return to your looted home.

#Trojan #remote_access #password #security #terminology

Dr.Web recommends

  1. There are two ways you can find out what services are currently running in your system:

    Start → Run → enter services.msc → press OK
    or
    Control Panel → Switch to Classic view → Administrative Tools → Services.

    Having opened this window, you can check whether any potentially dangerous services that could be making your system vulnerable are running in the system:

    1. Remote Registry lets remote users modify registry settings on your computer. If you stop this service, the registry can only be modified by local users working at the computer.
    2. Terminal Service facilitates multiple user connections to a computer and displays the desktop and applications on remote computers. Provides remote desktop functionality as well as remote administration, remote assistance, and terminal services.
    3. Messenger sends notifications to selected users and computers. In the absence of a network (and, accordingly, an administrator), it is completely useless. The service has nothing to do with Windows/MSN Messenger.
    4. SSDPSRV facilitates the discovery of UPnP devices on home networks. UPnP or Universal Plug and Play establishes an automatic configuration and connection between network devices, which ensures that a network (e.g., your home network) is accessible to a greater number of users.
    5. Alerter sends administrative alerts to selected users and computers. This service is not necessary for a home computer.
    6. Task Scheduler lets users configure a schedule for tasks to be executed automatically on their computers. Automatically launches applications, scripts, and back-up utilities at a scheduled time; malware can use the service to launch itself automatically. But legitimate programs can use this service, too.
    7. NetMeeting Remote Desktop Sharing (mnmsrvc) lets trusted users access the Windows desktop via a corporate intranet using NetMeeting.
    8. Remote Desktop Help Session Manager controls remote assistance features.
    9. Telnet lets remote users log on to a system and run applications.

    This is not a complete list!

    Find out more about the services that are running in your system, and disable those that aren't necessary.

  2. If you use RDP, you can configure it to accept connections only from certain addresses.
  3. Strong passwords bring restful sleep. But don't think that by using long words you will outwit all hackers.
  4. Change your passwords regularly—another data leak may have already compromised them.
  5. You can use special utilities to check how resistant a password is to brute force attacks.
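A defender-side audit of recommendations 1 and 2 above, written as an added example (not a Dr.Web tool): it reports which of the listed services are running and whether inbound RDP firewall rules are still open to any remote address. The service short names are assumptions; several of them (Messenger, Alerter, mnmsrvc, RDSessMgr) exist only on Windows XP/2003-era systems and are simply reported as not installed elsewhere.

```powershell
# Added example, not part of the Dr.Web issue. Run in an elevated PowerShell 5.1+ session.
# Service short names below are assumptions mapped to the list in recommendation 1.
$watchList = @{
    'RemoteRegistry' = 'Remote Registry'
    'TermService'    = 'Terminal Services / Remote Desktop'
    'Messenger'      = 'Messenger (legacy net send)'
    'SSDPSRV'        = 'SSDP Discovery (UPnP)'
    'Alerter'        = 'Alerter'
    'Schedule'       = 'Task Scheduler'
    'mnmsrvc'        = 'NetMeeting Remote Desktop Sharing'
    'RDSessMgr'      = 'Remote Desktop Help Session Manager'
    'TlntSvr'        = 'Telnet'
}

function Get-RiskyServiceStatus {
    # One row per watched service; missing services are reported, not skipped.
    foreach ($name in $watchList.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service     = $name
            Description = $watchList[$name]
            Status      = if ($svc) { $svc.Status } else { 'not installed' }
            StartType   = if ($svc) { $svc.StartType } else { '-' }
        }
    }
}

function Get-RdpExposure {
    # fDenyTSConnections = 0 means the machine accepts RDP connections.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
    $rdpEnabled = ($ts.fDenyTSConnections -eq 0)
    # Enabled inbound rules in the built-in 'Remote Desktop' group. A RemoteAddress of 'Any'
    # means recommendation 2 (accept connections only from certain addresses) is not applied.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $addr = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            RdpEnabled    = $rdpEnabled
            RemoteAddress = ($addr -join ',')
            Restricted    = ($addr -notcontains 'Any')
        }
    }
}

Get-RiskyServiceStatus | Where-Object { $_.Status -eq 'Running' } | Format-Table -AutoSize
Get-RdpExposure | Format-Table -AutoSize
```

Any row with RdpEnabled set to True and Restricted set to False is an RDP service reachable from every address the firewall allows, which is exactly the exposure the brute-force scanning described above relies on.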
