Re: question to mfers here who know *** bout computers, from Trav
- From: "Shuurai" <Shuurai11@xxxxxxxxxxx>
- Date: 8 May 2006 15:48:47 -0700
> It got on judging by its infection files on about 5/4. My question is
> for those geeks on here, and lord knows they're aplenty, wtf is the
> vector for this trojan? I keep a pretty tight ship on this machine of
> mine. I believe I was on AOL at the time, which is a temporary "not on
> firewall" experience. Are there current security holes in Windoze w/in
> the last 6 months or so exploiting RPCs or other port overruns or ***
> like that? I OF COURSE did not download any executables and run them.

Do you recall if it was torpig.ae or torpig.bk?

It's hard to say exactly how you got this - it's been seen coming via
email attachment but I've also heard of people getting the latter
version via scripts - you go to a page and it simply runs the script,
downloading the trojan. Most of your better anti-virus packages will
nip these scripts in the bud even if they're not specifically
recognized; but occasionally they'll be missed.

Does anyone use the machine aside from you who might have opened
something?

Also, it's not impossible to get something like this when you open an
avi, mpg, or even an mp3. Some people attach scripts to their links to
these files, which again may or may not be caught by your AV program.
WMP has a ton of script capabilities that people can exploit.

The danger with torpig is that aside from the more blatant stuff like
changing pages and asking for info, it will also attempt to download
other malware. It also (at least the ae version) contains a keystroke
logger and opens a backdoor on your machine while active. Finally,
I've been told that the ae variant is often a targeted program - in
other words, you don't go out and get it, someone hacks your machine
and puts it there (which could go with your "no firewall" time).

I would seriously consider changing any banking passwords, and perhaps
even notifying your bank that an intrusion has been attempted. I would
also highly recommend doing a full system scan if you haven't already,
because more often than not this trojan will attempt to download
others.