 |
Information Security Team
Communications Building
1156 High Street
Santa Cruz, CA 95064
Phone: (831) 459-HELP
Other UCSC Links:
• UCSC Home
• MyUCSC
• ResNet
• UCSC Library
• AIS Home
Maintained by
secweb@ucsc.edu
Last Reviewed on Oct 26, 2004
© 2008 The Regents of the University of California
|
|
Tips, Tricks & Tools
Software
- Local copy
of the Mozill-Firefox web browser.
FireFox is a free/fast/secure web browser based on Mozilla.
(md5 checksum: 4bb6c55e5d7482ec66cefad3b93cdfef)
- McAfee's Stinger
standalone virus detection/removal tool.
Stinger is a stand-alone utility from McAfee used to detect and remove
specific viruses. It is not a substitute for full anti-virus
protection. Please refer to the McAfee Website for more
information.
- Sasser
removal tool from Microsoft. Sasser is a worm which attempts to
exploit the LSASS vulnerability described in MicroSoft
Security Buliten MS04-011. This worm spreads by scanning IP
addressess for vulnerable systems.
-
Local copy of
the Qhost Removal
tool from Symantec. Trojan.Qhost is a trojan horse that will modify
the TCP/IP settings of an infected computer to a different DNS
server. For more information on Trojan.Qhost, please refer to this
Symantec website.
(md5 checksum:
e734b3628765cecbe0046ae8897c78da)
-
Agobot/Phatbot disinfection tool.
Agobot is an IRC controlled backdoor that can be used to gain
unauthorized access to a victim's machine. It can also exploit weak
passwords on administrative network shares. Once you've run this tool,
please reboot your machine and rescan once more.
(md5 checksum:
47d8b46d22c6bbe6876bf1fffcad95db)
- Local copy of the
Novarg.A/MyDoom disinfection tool.
W32.Novarg.A@mm is known to spread via e-mail, attaching itself to
e-mail messages as one of five currently known file extensions: .cmd,
.pif, .scr, .zip and .exe. Upon execution of the malware, a copy is
dropped into the system folder as taskmon.exe. Please see these
instructions provided by Sophos.com for information on disinfecting
your computer.
(md5 checksum: c0f6be120f32f252074cca0553ca3d04)
- Local Copies of the
Blaster and Welchia/Nachi worm tools: The recent discovery of major
flaws in Microsoft's implementation of the Remote Procedure Call (RPC)
protocol has led to these worms which exploit the same flaw. Here you will find local
copies of tools and instructions for removing these worms from your
computer.
- PasswordSafe:
a free Windows 9x/2000 utility that allows users to keep their passwords
securely encrypted on their computers.
- SSH (Secure Shell):
enables secure terminal sessions and file transfers to and from ssh-enabled
servers. It also enables the secured use of networked applications over
untrusted networks.
- PGP (Pretty Good Privacy): provides
secure data storage and secure messaging for individuals using mainstream
email applications.
- Free
Personal Firewalls: protect systems from intruders while preventing
unauthorized access from your system to a network (containment).
- Kerberos
Client Software: the Kerberos client allows certain programs, such
as Eudora, to use more sophisticated authentication that protects user
passwords.
- TCPView:
(from Sysinternals.com). This tool, for Windows 9x, Windows NT (4/5) and Windows XP, will
graphically show all active network connections on your computer and the programs
that are holding those connections open. This can be useful for finding out which
programs are opening network connections and who they are commincating with
(typically, trojan software will open a network connection to a controlling server
so that it can receive commands).
- PsTools:
(from Sysinternals.com). This is a collection of utilities for Windows NT (4/5) and
Windows XP provides, via the command line, the functionality of several unix uilities
such as "ps" and "kill". Sorry, there's no Windows 9x version.
Making a Secure and Memorable Password
Tips
US-CERT Cyber Security Tips
|
