[e-gold-list] RE: Real-time man-in-the-middle attack
Paul Davis
paul at davis-company.com
Wed Mar 12 16:12:25 MST 2008
In the full article on the Symantec website, the author lists six URLs and
one IP address as locations the Trojan uses. There were three dot-coms and
three dot-infos. I tested each URL to determine its IP address and found
that all three dot-coms did not have IP addresses. The IPs of the dot-infos
are as follows:
58.65.238.115
216.188.26.235
78.129.166.35
And the following IP address was shown without a URL in the article:
85.255.119.218
The article goes on:
"The Trojan also downloads a copy of Trojan.Flush.J, which changes the users
DNS settings to the following attacker settings:
85.255.116.133
85.255.112.87"
So, to summarize, there are six IP addresses that need to be blocked:
58.65.238.115
216.188.26.235
78.129.166.35
85.255.119.218
85.255.116.133
85.255.112.87
The author recommends using your firewall to block these. I use Kerio, and
I found it completely non-intuitive for this, so I sent a message to their
tech support. Here is the reply I got, which may be of interest to others
using this popular firewall:
Thank you for contacting Sunbelt-software support.
1. Open Sunbelt Personal Firewall's main window.
2. Click the network tab on the left side.
3. Click the "filter rule" button.
4. Then click the "add" button.
5. In the description type whatever you want to name this rule.
6. Now we are going to add the IP addresses to the Remote box.
7. Leave the check in both directions.
8. In the actions choose deny.
9. Now click the "OK" button.
10. We have just created a rule for these addresses to be avoided.
Paul Davis
"Religion is regarded by the common people as true, by the wise as false,
and by the rulers as useful." - Seneca
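
Added example, not part of the original post: a check for whether a machine is already using the attacker DNS settings, or is talking to any of the six addresses listed above. It assumes English-language `ipconfig /all` and `netstat -n` output; the function names are hypothetical and the sample text is constructed.

```python
import ipaddress
# The six addresses listed in the post above; nothing here comes from another source.
TROJAN_HOSTS = ["58.65.238.115", "216.188.26.235", "78.129.166.35", "85.255.119.218"]
ROGUE_DNS = ["85.255.116.133", "85.255.112.87"]
BLOCKLIST = {ipaddress.ip_address(a) for a in TROJAN_HOSTS + ROGUE_DNS}

def dns_servers(ipconfig_text):
    """Return every resolver listed under 'DNS Servers', including continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep and "DNS Servers" in label:
            in_dns, candidate = True, value.strip()
        elif in_dns:
            candidate = line.strip()      # extra resolvers sit alone on the next lines
        else:
            continue
        try:
            servers.append(ipaddress.ip_address(candidate))
        except ValueError:
            in_dns = False                # any non-address line ends the resolver list
    return servers

def rogue_dns(ipconfig_text):
    """Configured resolvers that match the attacker DNS settings quoted in the post."""
    return [str(s) for s in dns_servers(ipconfig_text) if str(s) in ROGUE_DNS]

def blocked_peers(netstat_text):
    """Return (remote_ip, remote_port, state) for TCP rows whose peer is on the list."""
    hits = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "TCP":
            continue                      # header, UDP and blank lines
        host, _, port = cols[2].rpartition(":")
        try:
            remote, port = ipaddress.ip_address(host), int(port)
        except ValueError:
            continue                      # bracketed IPv6 or non-numeric column
        if remote in BLOCKLIST:
            hits.append((str(remote), port, cols[3]))
    return hits

# Constructed sample output, not captured from a real machine.
SAMPLE_IPCONFIG = """   DNS Servers . . . . . . . . . . . : 85.255.116.133
                                       192.168.1.1
   Lease Obtained. . . . . . . . . . : Wednesday, March 12, 2008"""
SAMPLE_NETSTAT = """  TCP    192.168.1.10:1045      58.65.238.115:80       ESTABLISHED
  TCP    192.168.1.10:1046      192.0.2.10:443         ESTABLISHED"""
```

A non-empty result from rogue_dns means the DNS settings have already been changed, so blocking the addresses at the firewall is not enough on its own: the resolver settings also have to be restored.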