Nasty Virus Windows 7

That applies to virtually all AV.

Like a seatbelt, an AV package is just an additional safety measure; awareness rates higher than any safety measure.

FWIW I read exactly what you said and to me it sounded like you were putting across a certain notion, hence my post.

MSE might be free, but that doesn't mean it's worse than a pay-for one. The database and engine are the same as Forefront Endpoint, are they not? I deploy that at work and maintain it and the only difference I can see is that the name is different. The clients themselves look exactly the same and the database updates roll out the same as well.

Sorry, I'll try to be clearer next time.

I did not say that paid-for is better than free. I did not say that free is better than paid-for. Generally they are all as bad as each other.

My original comment was based on the fact that people base their decisions on whether their machine is infected on what their AV has detected. This is a complete fallacy.

How do you know your machine doesn't have a piece of information-stealing malware on it? All you know is that MSE hasn't detected it, and MSE is proudly stating that your machine is clean. In 3 weeks' time, once Microsoft has detected the threat, ripped it apart, and pushed down a signature, MSE will detect the threat and you'll think "Great job Microsoft, thanks for protecting me!". What you don't realise is that the malware has been stealing your banking info, email address, password etc. and the data is currently being sold on IRC for 70p.

This is especially concerning when you consider that many of the more sophisticated threats today are "drive-by". Your machine is infected, it sits there for a few hours collecting your information, and then it deletes itself. By the time you've downloaded your signature from MSE it's too late and you had no idea it was ever there. All of the people saying they've never had a virus in 5 years are kidding themselves unless they follow super-strict (almost impossible) browsing safety guidelines.

Saying that your Sophos machine got a rootkit = bad, and your MSE machine didn't = good, is completely false. That's all I was saying :-)
 
I can't speak for other people but I know my machines are not infected by a nasty purely because of the methodology I employ when doing monthly and weekly maintenance - I think it's pretty well known around this forum by now :p

For me, just one AV package scan isn't enough, I use multiple apps to scan and report if they find anything because what one misses, another will find. So far nothing nasty has been found but it's part of my regular maintenance routine so it's 2nd nature to me, just like servicing a car every year, except every week/month :)
 
I can't speak for other people but I know my machines are not infected by a nasty purely because of the methodology I employ when doing monthly and weekly maintenance - I think it's pretty well known around this forum by now :p

You do keep telling us over and over again. :p:D
 
The more people I can get onboard a regular routine that's similar, the more people I feel I have potentially saved from getting a nasty one day, even if the chance is remote :)

If you're going to protect yourself it might as well be done properly and regularly!

Well maintained is my motto for everything I own and run \m/
 
I can't speak for other people but I know my machines are not infected by a nasty purely because of the methodology I employ when doing monthly and weekly maintenance - I think it's pretty well known around this forum by now :p

For me, just one AV package scan isn't enough, I use multiple apps to scan and report if they find anything because what one misses, another will find. So far nothing nasty has been found but it's part of my regular maintenance routine so it's 2nd nature to me, just like servicing a car every year, except every week/month :)

The Malware Research Group reported that around 54% (I forget the exact figure) of financial malware went completely undetected in 2010. This includes the stealthiest strains of Zeus and SpyEye.

What systems do you employ to protect yourself from identity theft and your business from financial loss? Do you run Trusteer Rapport or something similar?
 
It's not my business :p I manage the IT for the organisation but for web protection we have a Firebox hardware solution and Mail/Web Marshal along with Forefront Endpoint mentioned earlier. Remote users connect via VPN and mobile devices are all BES devices. We have a 3rd party outsourced company who monitor and maintain the Web Marshal and proxy side of things as well.

By employ, I meant my own machines at home. Those are scanned monthly/weekly with MSE, Trend Online, SpyBot, MalwareBytes, SUPERAntiSpyware. Edit: Also all browsers are Firefox with AdBlock and other useful extensions that stop ads/scripts.
 
It's not my business :p I manage the IT for the organisation but for web protection we have a Firebox hardware solution and Mail/Web Marshal along with Forefront Endpoint mentioned earlier. Remote users connect via VPN and mobile devices are all BES devices. We have a 3rd party outsourced company who monitor and maintain the Web Marshal and proxy side of things as well.

By employ, I meant my own machines at home. Those are scanned monthly/weekly with MSE, Trend Online, SpyBot, MalwareBytes, SUPERAntiSpyware. Edit: Also all browsers are Firefox with AdBlock and other useful extensions that stop ads/scripts.

I hate to break it to you, but what you just said was a very long-winded way of saying "nothing".

The company that employs you to look after their IT are at risk of targeted attacks and drive-by attacks. You'll have no idea the attacks even happened until your data is available for download on torrent sites, and millions of pounds has disappeared from your bank.
 
I can only recommend products and services that can be purchased, I do not have any say on whether they "are" purchased. So while I am managing IT, I do not have any control over what IT hardware/software is bought in.

Either way, can you explain how someone would extract company data off one of the servers if the only way to get in is via VPN?

I think you're thinking a little over the top here.
 
I can only recommend products and services that can be purchased, I do not have any say on whether they "are" purchased. So while I am managing IT, I do not have any control over what IT hardware/software is bought in.

Either way, can you explain how someone would extract company data off one of the servers if the only way to get in is via VPN?

I think you're thinking a little over the top here.

Where do I start?

Vulnerable Software

Do you have any systems in place to stop users from running out-dated versions of 3rd party applications (like Office, Quicktime, Acrobat etc.) which contain known vulnerabilities?

These vulnerabilities can be exploited by malicious websites, compromised legitimate websites (London Stock Exchange, Ticketmaster, Vue Cinemas were all compromised recently), or even by malicious people scanning for vulnerable machines on unencrypted WiFi networks.

These vulnerabilities could be used to steal data directly from the machine, or they could be used to inject a brand-new strain of malware which could then spread across your network.

Spear Phishing

Forefront does not adequately protect against spear-phishing attacks (ask them). It wouldn't be too difficult for me to identify an organisation I'd like to attack, find their IT manager on LinkedIn and send him an email. When he responds, I get very useful information about the mail infrastructure and I also know how he formats his signature. I can then use this information to send a spoofed email to all/selected employees. This email will be perfectly formatted so that it will look like it came from him. His users trust him, so it's very likely they'll run the piece of malware (that I wrote just for this organisation). Even if only 1/100 users run the payload, this is enough to cause significant damage or financial loss to the organisation.

Window of Exposure

You rely on signature based protection on your work machines. This means that you are only protected from viruses once you have downloaded the signatures. This leaves an unacceptable window of exposure, where your keylogs can be stolen, your screens can be grabbed, and other sensitive documents could be stolen. VPN logins could be stolen, OWA logins could be stolen, Banking information could be stolen, I could go on. You need to find a solution that specifically protects against information-stealing malware. Your current solution may claim to protect against zero-hour viruses - ask them how this works and make your own mind up.

These are just 3 threats that your employer is at risk of that I thought of off the top of my head. Targeted attacks are on the rise and even very small organisations equate to big business for the attacker.
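On the "Vulnerable Software" point above, the practical control is an inventory check: compare what is actually installed on each workstation against a minimum patched version and report anything below it. The script below is an added example, not something posted in this thread; the inventory and baseline are constructed sample data (on a real estate the inventory would come from the Windows Uninstall registry keys or an asset-management export), and the version numbers in the baseline are placeholders, not real patch levels.

```python
"""Flag installed third-party applications that sit below a patched baseline.

Added example, not from the forum thread. INVENTORY and BASELINE are
constructed sample data; the version strings are placeholders, not vendor
patch levels.
"""
from typing import Dict, List, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.1.2' or '2010.14.0.4760' into a comparable tuple of ints.

    Non-numeric fragments (e.g. '11.0.1 beta') are stripped to their digits so
    messy vendor strings never raise during comparison.
    """
    parts: List[int] = []
    for piece in text.replace("-", ".").split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if digits:
            parts.append(int(digits))
    return tuple(parts)


def is_outdated(installed: str, minimum: str) -> bool:
    """True when installed < minimum; shorter tuples are zero-padded so
    '7.7' and '7.7.0' compare as equal rather than as different."""
    have, need = parse_version(installed), parse_version(minimum)
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need


def find_outdated(inventory: Dict[str, Dict[str, str]],
                  baseline: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Return (host, app, installed, minimum) for every app below baseline.

    Apps with no baseline entry are ignored: no policy, no finding.
    """
    findings = []
    for host, apps in inventory.items():
        for app, version in apps.items():
            minimum = baseline.get(app)
            if minimum is not None and is_outdated(version, minimum):
                findings.append((host, app, version, minimum))
    return findings


# Constructed sample data (placeholder versions, not real patch levels).
BASELINE = {"Adobe Reader": "10.1.0", "QuickTime": "7.7.0", "Java": "6.0.260"}
INVENTORY = {
    "WS01": {"Adobe Reader": "9.4.2", "QuickTime": "7.7", "Java": "6.0.240"},
    "WS02": {"Adobe Reader": "10.1.0", "Firefox": "4.0.1"},
}

if __name__ == "__main__":
    for host, app, have, need in find_outdated(INVENTORY, BASELINE):
        print(f"{host}: {app} {have} is below baseline {need}")
```

Run daily from a management host, the findings list is the thing to act on: each row is a machine where a known-vulnerable version is still exposed to the drive-by and compromised-site cases the post describes.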
 
Well I'm the IT manager and I'd never send out an email asking people to run something :p

Mail Marshal blocks anything that's executable and blocks any compressed files that it cannot unpack and scan as well.

Should something get through though, then company policy is also never to open any files where people request you to run something without authorisation from a member of IT.

There's always going to be a level of risk however great or small no matter what you do.

Yes, the setup here is not top of the line but it conforms to the standards that the company has to adhere to and annual audits are done by external bodies to make sure things are as safe as they should be and in order for the company to keep its ISO accreditations.
 
Well I'm the IT manager and I'd never send out an email asking people to run something :p

Mail Marshal blocks anything that's executable and blocks any compressed files that it cannot unpack and scan as well.

Should something get through though, then company policy is also never to open any files where people request you to run something without authorisation from a member of IT.

There's always going to be a level of risk however great or small no matter what you do.

Yes, the setup here is not top of the line but it conforms to the standards that the company has to adhere to and annual audits are done by external bodies to make sure things are as safe as they should be and in order for the company to keep its ISO accreditations.

Who do you work for? ;)
 
Should something get through though, then company policy is also never to open any files where people request you to run something without authorisation from a member of IT.

You really expect a member of staff to contact IT before opening a .docx?
 
You really expect a member of staff to contact IT before opening a .docx?

The nature of the business means people don't send .docx files in emails and if one originated from the outside world then the Mail Marshal box would block the attachment because the file contains scripts - a member of IT would have to release it after seeing if it's come from a safe source.

All these things are looked at during audits, data security, disaster recovery etc.
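The gateway rules described in the two posts above (block executables, block compressed files that cannot be unpacked and scanned, hold Office documents that contain scripts for IT to release) come down to a small decision function over each attachment's bytes. The code below is an added example written for this thread, not Mail Marshal's logic or anything posted by its author; the attachments are constructed in memory. It checks for executable content by header rather than by file name, so a renamed .exe is still caught, and it treats anything it cannot open, including archives nested too deep, as unscannable and therefore blocked.

```python
"""Attachment policy of the kind described in the thread: block executables
by content, block archives that cannot be unpacked and inspected, and hold
Office documents that carry macro code for IT to release.

Added example, not the thread's code and not Mail Marshal's logic. The sample
attachments are constructed in memory.
"""
import io
import zipfile
from typing import Dict

PE_MAGIC = b"MZ"                  # Windows executables, whatever the extension says
SCRIPT_EXTENSIONS = (".js", ".vbs", ".bat", ".cmd", ".ps1")
ZIP_MAGIC = b"PK\x03\x04"         # plain zips and docx/xlsx/pptx containers alike
MAX_NESTING = 2                   # archives nested deeper than this are not unpacked


def classify(name: str, data: bytes, depth: int = 0) -> str:
    """Return 'allow', 'block' or 'hold' for one attachment."""
    lower = name.lower()
    # 1. Executable content or a script extension: block outright.
    if data.startswith(PE_MAGIC) or lower.endswith(SCRIPT_EXTENSIONS):
        return "block"
    # 2. Zip container (plain archive or Office Open XML document).
    if data.startswith(ZIP_MAGIC):
        if depth > MAX_NESTING:
            return "block"        # too deep to inspect, so it cannot be scanned
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # An OOXML document with a VBA project carries macro code: hold for IT.
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "hold"
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.flag_bits & 0x1:
                        return "block"    # encrypted entry: cannot be unpacked and scanned
                    verdict = classify(info.filename, zf.read(info), depth + 1)
                    if verdict != "allow":
                        return verdict
        except zipfile.BadZipFile:
            return "block"                # corrupt or not really a zip: cannot be scanned
    return "allow"


def make_zip(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content} (fixture helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry_name, content in entries.items():
            zf.writestr(entry_name, content)
    return buf.getvalue()


# Constructed sample attachments.
SAMPLE_ATTACHMENTS = {
    "report.pdf": b"%PDF-1.4\n%constructed sample\n",
    "invoice.pdf": PE_MAGIC + b"\x90\x00" * 16,      # executable renamed to look like a PDF
    "update.js": b"var x = 1;",
    "quote.docm": make_zip({"word/document.xml": b"<w:document/>",
                            "word/vbaProject.bin": b"\xd0\xcf\x11\xe0"}),
    "photos.zip": make_zip({"holiday.jpg": b"\xff\xd8\xff\xe0"}),
    "archive.zip": make_zip({"inner.zip": make_zip({"setup.exe": PE_MAGIC + b"\x00" * 62})}),
    "broken.zip": ZIP_MAGIC + b"\x00" * 20,          # truncated: cannot be opened
}


def policy_report(attachments: Dict[str, bytes]) -> Dict[str, str]:
    """Verdict for every attachment in a message."""
    return {name: classify(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, verdict in policy_report(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:5}  {name}")
```

The "hold" verdict is the release-by-IT step from the post: the document is not delivered automatically, but it is not destroyed either, so a legitimate macro-bearing file from a known sender can still be passed through after a look.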
 
Well I'm the IT manager and I'd never send out an email asking people to run something :p

Mail Marshal blocks anything that's executable and blocks any compressed files that it cannot unpack and scan as well.

Should something get through though, then company policy is also never to open any files where people request you to run something without authorisation from a member of IT.

There's always going to be a level of risk however great or small no matter what you do.

Yes, the setup here is not top of the line but it conforms to the standards that the company has to adhere to and annual audits are done by external bodies to make sure things are as safe as they should be and in order for the company to keep its ISO accreditations.

I've been inside <deleted> all day.

Joking of course :-)
 

BTW, it took me about 60 seconds to find the name of your company, your internal domain name, a server name and your work email address.

If I was a malicious person, your staff would now be prime candidates for a social engineering attack and I could send them all a link to a brand new virus.

I'm not trying to be arrogant, just trying to raise awareness that the security measures you recommend on this forum are not adequate.
 