Security Analyst – Jeff Soehner CISSP, GXPN,GPYC,GMOB,GCIH

Symantec has reported that there is a rogue version of putty.exe (a remote connection tool used by many techs to connect over ssh, serial ports, etc.) This version is designed to send a specific User Agent when connecting ‘home’ so you could use something like snort to make sure no people are using the rogue version. See more about this report from Symantec – here (http://www.symantec.com/connect/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information).

(Ed. This has been maintstream in ‘free’ versions of mobile software and it works so well attackers are resorting to computer users although I would have thought targeting techs may not have been such a good idea but without the proper monitoring and management equipment, this type of activity will go unnoticed by a lot of sysadmins)