> 1-Anyone knows the best mailing lists or websites to > post some questions about trojans?
While I'm not sure what it is you're looking for, I would still suggest that you start by setting up links or bookmarks to several anti-virus vendor's sites. These usually provide pretty good information on Trojans and other malware (worms, etc) to include changes they make to systems. In some cases, they even go so far as to identify the (primary) infection vector. > 2-What is the trojan I am most likely to get into our > systems? It depends. What systems are you talking about? If you're looking just at the public lists, you might think that most folks w/ unpatched IIS systems are getting DDoS agents and IRC bots. But that's admittedly a very closed and limited source of information, and may not indicate an overall trend. User workstations may be different, particularly considering the kind of access you give them. The FriendGreet worm popped up on a system here yesterday. For the most part, Klez and the other worms have been caught by the email A/V software...so the only real issue I've seen (and this is specific to our infrastructure) is ad- and spy-ware, and the occaisional hoax. > Whats is the best protection? I've written several articles on the subject...some published by SF, others published in the Information Security Bulletin (CHI Publishing). The "best" protection is relative. In testing, some A/V tools don't detect netcat. Some of the IRC bots (powerbot, GTBot, russiantopz bot) aren't detected by A/V, b/c they are made up of two primary components that are both, themselves, legitimate programs. And we haven't even started to discuss the use of NTFS alternate data streams and other, more sophisticated methods of infection, storage, and execution. Your questions are pretty vague, to say the least. Some general answers can be given, but in order to meet your specific needs, you need to either (a) do the research yourself, or (b) work w/ someone and give them the information they need...specific os's, policies, infrastructure design, etc. Carv __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com