November 15th, 2008, 06:01 AM
Trojan.webkit - how does it get in.
While on my visit to a company outlet, I connected my laptop to their VLAN. No sooner then I connected the laptop to their network my AV started detecting trojan. I was trying to access google and I could see the status bar showing a redirect too - qwertyy.cx (dont visit). It tried to access a page on the URL that was being detected as the malware. I have a different AV from the one's on the endpoints at all outlets. Also I have windows vista business fully patches. I have no extra software's on my machine that is not-patched. i checked my laptop again with secunia's scanner. I have a software based firewall too (although it doesnt come into the picture much here). All unwnted ports and services are blocked. So how does it get in ? Is it my laptop or is it affecting traffic of the entire network ?
I checked logs of the endpoints at the outlet all filled with same trojan entry, we use SEP at all endpoints. These are not patched completely and have few software's that are *old*. I can understand them being infected.. But my question is how is my laptop getting broken into ?
Here is the trojan getting detected :
I'm still at the outlet (although on data card now). I've scanned my machine with the installed AV and with 2 online scanners and nothing .. !
So how does this trojan get into ?
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.