The backdoor also collects some rudimentary information about the compromised computer including some basic network adapter information, system version information, and language settings. The Kwampirs backdoor Trojan then attempts to aggressively copy itself across open network shares to infect other computers.
What you can do
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips products are implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions. If a product does require updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.
Industry best practice for network security and defense (Please ensure these are in accordance with your product documentation):
- Employ regular updates to applications and the host operating system to ensure protection against known vulnerabilities.
- Implement a least-privileges policy on the Web server to:
  - Reduce adversaries’ ability to escalate privileges or pivot laterally to other hosts.
  - Control creation and execution of files in particular directories.
- If not already present, consider deploying a demilitarized zone (DMZ) between the Web-facing systems and corporate network. Limiting the interaction and logging traffic between the two provides a method to identify possible malicious activity.
- Ensure a secure configuration of Web servers. All unnecessary services and ports should be disabled or blocked. All necessary services and ports should be restricted where feasible. This can include whitelisting or blocking external access to administration panels and not using default login credentials.
- Utilize a reverse proxy or alternative service to restrict accessible URL paths to known legitimate ones.
- Establish, and back up offline, a “known good” version of the relevant server, together with a regular change-management policy, so that alterations to servable content can be monitored with a file integrity system.
- Employ user input validation to restrict local and remote file inclusion vulnerabilities.
- Conduct regular system and application vulnerability scans to establish areas of risk. While this method does not protect against zero-day attacks, it will highlight possible areas of concern.
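The “known good” baseline and file integrity monitoring item above is the control that most directly surfaces what this advisory describes: a backdoor that writes copies of itself onto reachable shares, or alters servable content, changes the set of files and their hashes on the host. The following is an added example, not Philips' code or any product-specific procedure; the web-root layout, file names and the simulated changes in `demo()` are constructed for illustration. It records a SHA-256 digest per file, stores the baseline off the server, and on a later scan reports files that were added, removed or modified relative to that baseline.

```python
"""Added example: baseline-and-compare file integrity check.

Not Philips' code. Directory layout, file names and the changes simulated
in demo() are constructed for illustration only.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large servable content is not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256 digest.

    Symlinks are skipped so a link pointing outside the tree cannot be used to
    make the scan hash content that is not actually part of the server root.
    """
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = sha256_file(path)
    return baseline


def save_baseline(baseline: dict, store: Path) -> None:
    """Write the baseline as JSON; keep this file off the monitored host (offline copy)."""
    store.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(store: Path) -> dict:
    return json.loads(store.read_text())


def diff_baselines(known_good: dict, current: dict) -> dict:
    """Compare a fresh scan against the stored known-good baseline.

    Returns sorted lists so the report is stable and easy to diff over time.
    """
    added = sorted(set(current) - set(known_good))
    removed = sorted(set(known_good) - set(current))
    modified = sorted(p for p in known_good.keys() & current.keys()
                      if known_good[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Self-contained run on a constructed web root.

    Builds the baseline, then simulates an unauthorized change set: one page
    altered, one script deleted, and an unexpected executable dropped into the
    served tree (the kind of write a self-copying backdoor would produce).
    """
    with tempfile.TemporaryDirectory() as served, tempfile.TemporaryDirectory() as offline:
        root = Path(served)
        store = Path(offline) / "baseline.json"      # offline copy of the known-good state

        (root / "htdocs").mkdir()
        (root / "htdocs" / "index.html").write_text("<html>ok</html>")
        (root / "htdocs" / "app.js").write_text("console.log('app');")
        save_baseline(build_baseline(root), store)

        # Constructed changes that a change-management process did not authorize.
        (root / "htdocs" / "index.html").write_text("<html>altered</html>")
        os.remove(root / "htdocs" / "app.js")
        (root / "htdocs" / "dropper.exe").write_bytes(b"MZ\x90\x00" + b"\x00" * 16)

        return diff_baselines(load_baseline(store), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline is taken immediately after a verified, authorized deployment and the scan is scheduled; any non-empty `added`, `removed` or `modified` list that does not correspond to an approved change ticket is the signal to investigate, and a new executable appearing inside served or shared directories deserves priority.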
Customers entitled by service-contract to use Philips InCenter are encouraged to request and attain InCenter access and reference product-specific information posted on Philips InCenter. All customers with and without service contracts are encouraged to contact their local service support team or regional product service support as needed for current information specific to their products or Philips deployed installations as information becomes available.