Posts Tagged ‘virus’

W32/autorun.worm.aaeb-h Outbreak

Nov 28, 2012 1 comment

I don’t typically post on virus or malware outbreaks because it would consume too much of my time and new ones appear far too frequently. For the most part, if you run your network and systems with defense in depth and the principle of least access, you should be fine. And as long as you are not running as the local administrator of your workstation, you should also be fine… But every once in a while a piece of malware becomes noteworthy…

In this case, W32/autorun.worm.aaeb-h infects both removable media and network shares by copying itself to those locations. Once copied, it modifies the file so the executable is hidden. On removable media (think USB flash drives, or even MP3 players), it modifies the autorun.inf so that the executable is launched automatically. It will also infect files with common file types such as media (mp3, wmv, avi) and documents (doc, xls, pdf).

The presence of any of the following file names indicates you may have this worm:

  • Secret.exe
  • Sexy.exe
  • Pron.exe
  • Password.exe
  • x.mpeg

Defense:

  • Disable the AutoRun feature
  • Prevent the use of USB media on mission-critical servers
  • Ensure anti-virus scanning is enabled for removable media

Mitigation:

For more information on McAfee product coverage and mitigation for this threat, see PD24169 – Threat Advisory: W32/Autorun.worm.aaeb.
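As an added example (not code from the original post or from McAfee), the following script triages a mounted USB volume or share root for the two traits described above: the indicator file names listed in the post, and an autorun.inf whose launch keys point at an executable on the volume. The `build_sample_media` helper constructs a throwaway sample volume with placeholder bytes so the scan can be exercised offline.

```python
import tempfile
from pathlib import Path

INDICATOR_NAMES = {"secret.exe", "sexy.exe", "pron.exe", "password.exe", "x.mpeg"}  # names listed in the post
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}  # autorun.inf keys that launch a program

def launch_target_name(value):
    """Bare file name of the program a launch value points at, honouring a quoted path."""
    token = value[1:value.index('"', 1)] if value.startswith('"') and '"' in value[1:] else value.split()[0]
    return Path(token.replace("\\", "/")).name.lower()

def parse_autorun(inf_path):
    """Launch values from the [autorun] section (hand parser: real autorun.inf files are often too sloppy for configparser)."""
    targets, section = [], None
    with open(inf_path, encoding="utf-8", errors="ignore") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "autorun" and "=" in line:
                key, value = (p.strip() for p in line.split("=", 1))
                if key.lower() in LAUNCH_KEYS and value:
                    targets.append(value)
    return targets

def scan_media_root(root):
    """Map relative path -> reasons a file is suspicious; an empty dict means nothing matched."""
    root, suspects = Path(root), {}
    inf = root / "autorun.inf"
    launch = {launch_target_name(v) for v in parse_autorun(inf)} if inf.is_file() else set()
    for entry in (e for e in root.rglob("*") if e.is_file()):
        name, reasons = entry.name.lower(), []
        if name in INDICATOR_NAMES:
            reasons.append("indicator name")
        if name in launch:
            reasons.append("launched by autorun.inf")
        if reasons:
            suspects[entry.relative_to(root).as_posix()] = reasons
    return suspects

def build_sample_media():
    """Constructed sample volume (placeholder text, not malware) for a dry run of the scan."""
    root = Path(tempfile.mkdtemp(prefix="media_"))
    for name, data in {"autorun.inf": '[AutoRun]\nopen="Secret.exe" /s\n', "Secret.exe": "MZ placeholder",
                       "x.mpeg": "not a video", "notes.txt": "quarterly report"}.items():
        (root / name).write_text(data)
    return root
```

Point `scan_media_root` at the mount point of a suspect drive (or a mapped share) from a machine with AutoRun disabled; a non-empty result is a reason to quarantine the media rather than open anything on it.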

Malware Bytes

I am surprised how many times I run into this from IT consultants, contractors and firms who don’t know it: Malwarebytes is not free for business use.

Individually, the cost of a single user is $25: https://store.malwarebytes.org/342/?scope=checkout&cart=29945

Alternatives to using Malwarebytes:

Top 5 Virus Tips

Here are the top 5 tips to reduce your risk of becoming infected by a computer virus:

  1. Always log on to your computer using a limited or local user account. If you are on a managed network and don’t know what this means, you’re probably safe. If you don’t have a managed network and you don’t know what this means, you’re probably at risk; and if you are an administrator, you know better and should be using RUNAS instead of a local admin or domain admin account for your day-to-day duties;
  2. Only open attachments which are from known individuals and are expected. If the e-mail is not from a known sender, or if it is unexpected, check with the sender first before opening the attachment;
  3. Only install website-related ActiveX controls, Java, scripts, applications or plug-ins if you know the publisher and the act is intentional. Do not download software from the internet without a specific purpose;
  4. Ensure that your computer is fully up to date with the manufacturer’s security updates/downloads;
  5. Ensure that your anti-virus software is fully up to date with the latest version and signature file;

With these basic tips, we took a single client with 5 Windows XP Professional workstations and ran them for 8 months as a trial with their anti-virus software removed. They were told to relay the above 5 steps to the employees on a semi-monthly basis, along with a small poster campaign in the break room.

At the conclusion of the trial, none of the systems had any known infections. However, this is not a recommendation to run a system without anti-virus.

Good luck

Conficker Worm (updated) information you can use

Apr 8, 2009 1 comment

Purpose

There has been a lot of media hype over the last couple of days regarding a worm called Conficker, which is supposedly going to create mass havoc on April 1. We have received several calls from concerned clients regarding this, and I wanted to provide an authoritative source of information for you, our valued clients. I have been disturbed by the way the national media has reported on this worm: they provided background information but did not answer your basic question… what do I do now?

Background

The Conficker worm has been infecting computers since 2008 and has been silently operating on many computers across the globe. It is part of a wider-known class of threats known as BOTNETs, which can effectively turn infected computers into “BOTs” that perform the desired tasks of the maker, such as sending spam or hacking activity. More information on Conficker and BOTNETs can be found below.

Conficker Worm – information you can use

Apr 1, 2009 2 comments
