One Day Sec

What detection and defense measures are recommended against the MSDTC backdoor?

Detection: `msdtc.exe` attempts to load `oci.dll`, a DLL that is not shipped with any Windows installation, so the mere presence of an `oci.dll` in `%windir%\system32\` is a strong indicator of the backdoor; record its hash, timestamps and Authenticode status before treating it as benign. Defense: disable the MSDTC service on ordinary user workstations, which rarely participate in distributed transactions (leave it running on servers that do, such as database or application servers that depend on it). Monitoring: log and alert on DLL loads by `msdtc.exe`, especially unsigned images or anything named `oci.dll`, and on process creation with `msdtc.exe` as the parent, since the service has no legitimate reason to spawn child processes.
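The three measures above, combined into one triage script. This is an added example, not code from the original page or from any MSDTC research it summarises. It assumes it is run elevated on the host being checked, that Sysmon is installed with ImageLoad (Event ID 7) and ProcessCreate (Event ID 1) logging enabled for `msdtc.exe`, and that the Sysmon EventData field names (`Image`, `ImageLoaded`, `Signed`, `SignatureStatus`, `ParentImage`, `CommandLine`) follow the standard schema; the `-DisableMsdtc` and `-Days` parameters are this script's own, not a Windows feature.

```powershell
# Added example (not from the original page): MSDTC oci.dll backdoor triage.
# Assumptions: run elevated; Sysmon installed with Event ID 1 and 7 logging enabled.
#Requires -RunAsAdministrator
param(
    [switch]$DisableMsdtc,   # hypothetical switch: stop MSDTC and set it to Disabled
    [int]$Days = 30          # how far back to search the Sysmon log
)

$target = Join-Path $env:windir 'System32\oci.dll'

# 1. Static check: oci.dll is not part of Windows, so its presence in System32 is suspicious.
if (Test-Path -LiteralPath $target) {
    $file = Get-Item -LiteralPath $target
    $sig  = Get-AuthenticodeSignature -FilePath $target
    $hash = (Get-FileHash -Path $target -Algorithm SHA256).Hash
    Write-Warning "oci.dll present in System32: $target"
    [pscustomobject]@{
        Path      = $target
        SizeBytes = $file.Length
        Created   = $file.CreationTimeUtc
        Modified  = $file.LastWriteTimeUtc
        SHA256    = $hash
        SigStatus = $sig.Status                   # NotSigned / HashMismatch are red flags
        Signer    = $sig.SignerCertificate.Subject
    } | Format-List
} else {
    Write-Host "No oci.dll in System32 (expected on a clean host)."
}

# 2. Service state: workstations that do not use distributed transactions can disable MSDTC.
$svc = Get-Service -Name MSDTC -ErrorAction SilentlyContinue
if ($svc) {
    Write-Host ("MSDTC service: Status={0} StartType={1}" -f $svc.Status, $svc.StartType)
    if ($DisableMsdtc) {
        Stop-Service -Name MSDTC -Force -ErrorAction SilentlyContinue
        Set-Service  -Name MSDTC -StartupType Disabled
        Write-Host "MSDTC stopped and set to Disabled."
    }
}

# 3. Sysmon hunt: DLL loads by msdtc.exe (ID 7) and processes spawned by msdtc.exe (ID 1).
function Get-SysmonField($Event, [string]$Name) {
    # Pull a named EventData field from the event XML (independent of property index).
    ([xml]$Event.ToXml()).Event.EventData.Data |
        Where-Object { $_.Name -eq $Name } | Select-Object -ExpandProperty '#text'
}

$since  = (Get-Date).AddDays(-$Days)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1, 7; StartTime = $since
} -ErrorAction SilentlyContinue

$findings = foreach ($e in $events) {
    switch ($e.Id) {
        7 {
            $image  = Get-SysmonField $e 'Image'
            $loaded = Get-SysmonField $e 'ImageLoaded'
            # Only loads by msdtc.exe matter; flag oci.dll and anything Sysmon reports as unsigned.
            if ($image -like '*\msdtc.exe' -and
                ($loaded -like '*\oci.dll' -or (Get-SysmonField $e 'Signed') -eq 'false')) {
                [pscustomobject]@{ Time = $e.TimeCreated; Type = 'ImageLoad'; Detail = $loaded
                                   Signature = (Get-SysmonField $e 'SignatureStatus') }
            }
        }
        1 {
            # The MSDTC service has no legitimate reason to spawn child processes.
            if ((Get-SysmonField $e 'ParentImage') -like '*\msdtc.exe') {
                [pscustomobject]@{ Time = $e.TimeCreated; Type = 'ChildProcess'
                                   Detail = (Get-SysmonField $e 'CommandLine'); Signature = '' }
            }
        }
    }
}

if ($findings) { $findings | Sort-Object Time | Format-Table -AutoSize }
else { Write-Host "No suspicious msdtc.exe image loads or child processes in the last $Days days." }
```

Run it without switches first to collect evidence; pass `-DisableMsdtc` only on hosts confirmed not to need distributed transactions. A found `oci.dll` should be preserved (hash and copy) before removal so the sample can be analysed.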
Tags: detection, defense, disable MSDTC, oci.dll, monitoring, security
