awenlock
Posts: 357
Score: 188
Joined: 3/8/2005
Status: offline
|
I was looking through the Mcafee Blog today and came across the following article that I thought was rather interesting. It's an area I tend to drum into people who deal with virus infected machines, making sure that they remove the machines from the network at the time of the customer calling or the alert being generated, then cleaning the infection (if possible), or in most cases simply rebuilding the machine to ensure the virus has been removed. If you have up to date virus protection on your machines then you will hopefully stop the infection from happening, but there's always going to be that machine somewhere where the protection is not fully up to date.
Mcafee: http://www.avertlabs.com/research/blog/index.php/2008/11/10/combating-file-infectors-on-corporate-networks/
quote:
“We regularly come across simple parasitic infectors that manage to infect every workstation and server on the network. And administrators are at their wits’ end trying to figure how the simplest of viruses managed to spread and infect every networked machine in so little time and with such stunning effect.
When an administrator logs to the affected machine using their domain admin account, the worm now runs on the affected machine using the elevated credentials of a domain administrator. Straight away the worm can now infect and spread to any host on the domain using these newly acquired administrative credentials. And in a matter of minutes the entire network with thousands of machines gets infected—by the dumbest of worms."
The white paper is also worth a read through too if you get some time, but its certainly an area when you need to be thinking ahead before you logon with that domain account !
Regards
Alan
|
Printable Version
Combating File Infectors on Corporate Networks - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread