Internet Security Department | Hawaii

  • Portscanning

    Portscanning is when one computer scans another computer looking for vulnerabilities. Different services and applications designate a specific port for communicating. For example, incoming email uses port 110 and outgoing email uses port 25. Portscanning of this type is usually done to exploit a vulnerability in the software using that port. Sometimes exploiting this vulnerability will allow unauthorized access to the target computer. Network worms commonly portscan as part of the replication process. In order for us to process a complaint about one of our customers, the complaining party needs to provide evidence that this type of activity originated from one of our users. This is usually in the form of firewall logs. The information that can be collected from the firewall logs is the originating IP address and the destination (or target) IP address.
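    As an added illustration (not part of the original page), the following shows how firewall log lines of the kind described above can be condensed into the evidence a complaint needs: which originating IP address probed which destination addresses. The log format, the port and timestamp fields, the threshold and the function name `summarize_scans` are assumptions made for this example, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in a made-up log format (not any real firewall's output).
# All addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
2004-03-01T10:00:01 DROP TCP src=203.0.113.5 dst=198.51.100.10 dpt=135
2004-03-01T10:00:01 DROP TCP src=203.0.113.5 dst=198.51.100.11 dpt=135
2004-03-01T10:00:02 DROP TCP src=203.0.113.5 dst=198.51.100.12 dpt=135
2004-03-01T10:00:02 DROP TCP src=203.0.113.5 dst=198.51.100.13 dpt=135
2004-03-01T10:00:05 DROP TCP src=203.0.113.77 dst=198.51.100.10 dpt=21
2004-03-01T10:00:05 DROP TCP src=203.0.113.77 dst=198.51.100.10 dpt=23
2004-03-01T10:00:06 DROP TCP src=203.0.113.77 dst=198.51.100.10 dpt=25
2004-03-01T10:00:06 DROP TCP src=203.0.113.77 dst=198.51.100.10 dpt=110
2004-03-01T10:01:00 DROP TCP src=192.0.2.44 dst=198.51.100.10 dpt=25
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP \w+ src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dpt=(?P<dpt>\d+)$"
)

def summarize_scans(log_text, threshold=4):
    """Report sources that hit >= threshold hosts on one port, or ports on one host."""
    by_port = defaultdict(set)   # (src, port) -> destination hosts probed
    by_host = defaultdict(set)   # (src, dst)  -> destination ports probed
    seen = defaultdict(list)     # src -> timestamps of every logged probe
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        src, dst, port = m["src"], m["dst"], int(m["dpt"])
        by_port[(src, port)].add(dst)
        by_host[(src, dst)].add(port)
        seen[src].append(m["ts"])
    reports = {}
    # Same port across many hosts: the pattern a replicating worm produces.
    for (src, port), hosts in by_port.items():
        if len(hosts) >= threshold:
            reports[src] = {"kind": "horizontal", "port": port, "targets": sorted(hosts)}
    # Many ports on a single host: probing one machine for open services.
    for (src, dst), ports in by_host.items():
        if len(ports) >= threshold:
            reports[src] = {"kind": "vertical", "target": dst, "ports": sorted(ports)}
    for src, rep in reports.items():
        rep["first_seen"], rep["last_seen"] = min(seen[src]), max(seen[src])
    return reports
```

    A single blocked connection, such as the one from 192.0.2.44 in the sample, stays below the threshold and is not reported.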

    Most of these complaints are the result of computers being infected with some type of worm or trojan horse.

    If your computer is infected with a worm, the chances are that it was portscanned first and the worm doing the scanning detected your computer as being vulnerable. The next step would be for the worm to take advantage of that vulnerability and infect your computer. Once infected, your computer would start scanning for others to infect. A router can often help protect your computer from this type of attack.

    It's not uncommon to have an email virus or network worm install a backdoor after infecting a computer. In that instance the email virus could be sending itself out via email, while the trojan horse is portscanning.

    The most common ways to become infected with a network worm and/or trojan horse are as follows:

  • Email Attachments
  • Not having Windows current with the most recent critical security patches
  • Visiting malicious websites using Internet Explorer
  • Downloading and installing trojan infected applications
  • Using P2P programs such as Kazaa, iMesh, Bearshare, etc.

    Once installed, a trojan horse is capable of allowing the following actions to be performed remotely to the infected computer.

  • Open a backdoor to your system
  • Disable your antivirus and firewall
  • Scan for other vulnerable computers on the internet
  • Install a keystroke logger (captures keystrokes)
  • Install an SMTP or proxy server (to send out spam)
  • Use the computer to launch attacks on other computers
  • Install a password stealer
  • View what's on your monitor
  • Use your computer to attack others
  • Install and run scripts
  • Watch your webcam
  • Install a webserver often hosting illegal content (website on your computer)
  • Install other hidden utilities (which can be used for identity theft)

    See below for some suggestions on how to resolve this issue.

    THE FOLLOWING ARE SUGGESTIONS ONLY, AND ARE PROVIDED STRICTLY FOR YOUR CONVENIENCE.
    ROAD RUNNER DOES NOT ACCEPT ANY RESPONSIBILITY FOR ANY DAMAGE, INCLUDING LOSS OF DATA AS A RESULT OF PERFORMING
    ANY OF THE STEPS BELOW. ROAD RUNNER STRONGLY RECOMMENDS BACKING UP ALL IMPORTANT DATA BEFORE PROCEEDING.


    Important: Before you start, consider backing up the files on your computer that you can't afford to lose in the event something unforeseen happens, for example pictures and documents. You may want to back up the least amount of data possible, so you don't end up reinfecting your computer from the backup.

    Worms

    Antivirus programs are generally able to remove worms. There are also a lot of free removal tools available from Symantec's website (http://www.sarc.com) under the "Removal Tools" section. Also make sure you have all the latest security patches installed from Microsoft's website (http://windowsupdate.microsoft.com).

    Trojan Horses

    It is becoming increasingly common for trojan horses to avoid detection by major brands of antivirus software. If you run a scan with your current antivirus software and the results show no infected files, the most probable reason for this is your antivirus software is simply failing to detect the infected files.

    This could be because your antivirus has not been updated with the most current virus definition files, the trojan/virus has disabled it, or the software simply cannot detect it. If this happens even after you update your antivirus, don't assume your system is clean. Instead, we recommend either trying different programs until the trojan is found or having it checked out by a computer technician.

    In general, anti-spyware programs such as AdAware are not going to be sufficient to remove trojan horses.

    Antivirus Software

    Oftentimes you will be able to successfully remove a trojan horse with antivirus/trojan scanning software. If the software you currently have on your computer doesn't find anything, even after being updated with the vendor's most recent updates, you may want to try some different brands. You will find a lot of free downloads on our "Links/Downloads" page. If none of the software is able to find and remove the problem, we recommend contacting your computer manufacturer or a computer technician.

    Take it to a Professional

    Another option is to have a professional computer technician fix it. There are many qualified technicians in the area, and a lot are listed in the phonebook. If you are not comfortable with performing any of the steps above, we would recommend having a computer technician assist you. See the listing of Road Runner Approved Technicians, or seek the assistance of your own computer technician.

    Format the Hard Drive

    Yet another option is to format the hard drive. Formatting the hard drive erases all the data on the drive. In addition to removing any trojan horses or viruses, it will remove everything the trojan may have uploaded/downloaded to your system. In addition, it will probably significantly improve the performance of your computer.

    This can be done in two basic ways.
    1. Manually, with the operating system CD and boot-up floppy
    2. With the restore/recovery CD(s) that came with the computer

    If your computer did not come with the restore/recovery CD(s), you will most likely have to do the format manually. If you don't know how to do this and formatting is the option you have chosen, we recommend you contact a qualified computer technician to assist you.

    If the restore/recovery CD(s) were included with your computer, and you're not sure how to proceed, your computer manufacturer should be able to walk you through the necessary steps. They may charge an hourly rate for this, unless your system is still covered under the support warranty.

    Once your system is clean you'll want to keep it clean. So to help you with this, on the next page we've put together some basic suggestions you can follow to help prevent this from happening again. Following these steps does not guarantee reinfection will not occur, but it will certainly help.

