At 11:09 AM 6/26/2008, Chris Wolf wrote:
>Does anyone know what specific vulnerability is being exploited here? Were the computers involved completely up-to-date with MS patches and still got infected?

And were the users working from privileged accounts?



>
>----------
>From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Bosman, Don
>Sent: Thursday, June 26, 2008 10:07 AM
>To: [log in to unmask]
>Subject: Re: [MSUNAG] XP or Vista Antivirus 2008 ..... Here is one mechanism of infection
>
>I always accepted users' comments that they didn't know how they got infested because it's generally the truth. I didn't understand how they couldn't have noticed that their machine had slowed, but even on campus the network can get frustratingly slow at times. Now that it happened to me, I can tell you one way to get it. Using MSIE, browse to a recommended site from a news aggregator who has never let you down in the past. After thirty seconds or so your machine slows to the point that any tech knows it's been infested. There are thousands of sites that are harboring malware scripts. I know I should have been using Firefox, but for some reason I was in IE.
>
>For my home machine, running online scans offered by both www.antivirus.com (Trend Micro) and http://www.kaspersky.com/virusscanner (Kaspersky Labs) cleaned up the problem. While not requiring much interaction from me, the scan process did take hours.
>
>Here at work I used to trust HitmanPro II (http://www.hitmanpro.nl/hitmanpro/), but even it hasn't been catching the latest script-installed malware.
>
>Best practice as of today: run Firefox or Opera with scripting turned off. I was amazed at the number of everyday sites that require scripting to do simple things that could have been better coded. Now I generally recover data from another profile and re-image the machine.
>
>Good luck.
>
>Don Bosman
>Information Technologist
>Libraries, Michigan State University
>100 Library
>East Lansing, MI 48824-1048
>[log in to unmask]
>(517) 432-6123 ext 233
>Fax (517) 432-8374
>
>