Slarty Bartfast (Guest)
Posted: Thu Jun 24, 2004 3:50 am    Post subject: Korgo Virus
We had two days of the LAN being down this week with the Win32.Korgo.I
virus.
It has similar behaviour to the Sasser that we spent a whole day on
'fixing'. We had Microsoft Auto-updates turned off for some reason - the MS04-011
patch would have stopped it, but it wasn't on all our machines.
It most likely got in via a laptop that was on the net while outside our
firewall and then brought it in.
We are updating all our laptops to XP and using its firewall - better than
nothing.
Any suggestions on good laptop policy regarding security - I know that might
seem a silly question, but we have been using NT4 and 2000 on our laptops
with good updated virus protection forever, long before I came here, even
though I knew the lack of a software firewall was a risk and brought the
issue up a few times.
--
Regards,
Slarty Bartfast
JaR (Guest)
Posted: Thu Jun 24, 2004 4:15 am    Post subject: Re: Korgo Virus

Slarty Bartfast wrote:
> Any suggestions on good laptop policy regarding security - I know that might
> seem a silly question, but we have been using NT4 and 2000 on our laptops
> with good updated virus protection forever, long before I came here, even
> though I knew the lack of a software firewall was a risk and brought the
> issue up a few times.
Sure, make certain the disk drives, modem and network cards are removed
before leaving the site.
Seriously, all you can do is make sure they've got a good software
firewall operational, and that the luse^H^H^H^Hemployee has been beaten
about the head and shoulders with a clue-stick until a reasonable amount
has penetrated.
But when all is said and done, it's kinda like giving the kid the keys
to the family car on a friday night. You hope and pray that he/she has
enough sense not to get careless and pile it up, but they're gonna do it
anyway.
JaR
Cynical Thug
Neil (Guest)
Posted: Thu Jun 24, 2004 6:13 am    Post subject: Re: Korgo Virus

JaR <plentespam@nospamsofthome.net> wrote in news:uJMIzfXWEHA.712@TK2MSFTNGP11.phx.gbl:
> But when all is said and done, it's kinda like giving the kid the keys
> to the family car on a friday night. You hope and pray that he/she has
> enough sense not to get careless and pile it up, but they're gonna do it
> anyway.
LMHO! This isn't just laptop lusers. Our corp was forced to open up
access to the desktop for a "mission critical" (*cough*) application. Now
I hope and pray that the gentle creatures that roam my domain will avert
their eyes from the happy smiling offer of 5000 smiley faces for free or
some such. They never do, and not long after we are running Spybot
S&D/Ad-Aware (not part of the standard image) or reimaging the box.
I'm sure they are also distracted by anything shiny...
--
Neil MCNGP #30
"you'd do what, to who, for how many biscuits?"
Neil (Guest)
Posted: Thu Jun 24, 2004 6:20 am    Post subject: Re: Korgo Virus

"Slarty Bartfast" <Slarty@Bartfast.com> wrote in news:#d9WVRXWEHA.1128@TK2MSFTNGP10.phx.gbl:
> Any suggestions on good laptop policy regarding security
I guess "don't let them have one" is out of the question. Too bad.
If we give out a laptop we also find out if the user has high speed
access at home. If they do we break open the piggy bank and buy them a
cheap Linksys firewall. Helps a little. If you have AD you should also
consider SUS (or is it WUS now) and setting a bunch of GPO settings.
That being said, we do all this and still managed to get a new flavour of
GAOBOT recently that we had to work with Symantec on as it was new to
them and not in the most recent def...
--
Neil MCNGP #30
"you'd do what, to who, for how many biscuits?"
fygar (Guest)
Posted: Thu Jun 24, 2004 6:43 pm    Post subject: Re: Korgo Virus

On Thu, 24 Jun 2004 08:50:34 +1000, "Slarty Bartfast" <Slarty@Bartfast.com> wrote:
> We had two days of the LAN being down this week with the Win32.Korgo.I
> virus.
> It has similar behaviour to the Sasser that we spent a whole day on
> 'fixing'. We had Microsoft Auto-updates turned off for some reason - the MS04-011
> patch would have stopped it, but it wasn't on all our machines.
> It most likely got in via a laptop that was on the net while outside our
> firewall and then brought it in.
> We are updating all our laptops to XP and using its firewall - better than
> nothing.
> Any suggestions on good laptop policy regarding security - I know that might
> seem a silly question, but we have been using NT4 and 2000 on our laptops
> with good updated virus protection forever, long before I came here, even
> though I knew the lack of a software firewall was a risk and brought the
> issue up a few times.
Run MBSA to find all lagging machines.
Patch.
Set up SUS.
Set up a managed Antivirus.
Find a firewall product if not using XP.
Keep users out of Administrators group.
Keep users out of Administrators group.
Keep users out of Administrators group.
Keep users out of Administrators group.
***Do not give access to email w/o using VPN. (This forces the
occasional connection so the systems will check for updates)
Remove batteries and power cords
....butch
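The checklist above (patch, managed updates, host firewall, nobody in Administrators) is the kind of thing that only holds if something keeps checking it on the laptops. The script below is an added example, not part of the thread and not any poster's code: it audits a current Windows laptop against that baseline. Two assumptions are mine: the MS04-011 update is identified by its knowledge-base number KB835732 (substitute whatever KBs your own baseline requires), and the list of allowed Administrators members (`CORP\Domain Admins`) is hypothetical. It needs Windows PowerShell 5.1 or later for the LocalAccounts and NetSecurity modules, and should be run elevated so every check can read what it needs; NT4 and 2000 laptops like the ones in the thread predate it entirely.

```powershell
<#
Added example, not from the thread. Audits a Windows laptop against the
baseline fygar lists: required hotfix installed, Automatic Updates pointed at
a managed update server (SUS/WSUS) by policy, host firewall on in every
profile, and no unexpected members of the local Administrators group.
Assumptions (mine, not the thread's): MS04-011 == KB835732; the allowed-admin
list below is hypothetical. Requires Windows PowerShell 5.1+, run elevated.
#>
[CmdletBinding()]
param(
    [string[]]$RequiredHotfixes = @('KB835732'),
    [string[]]$AllowedAdmins    = @("$env:COMPUTERNAME\Administrator", 'CORP\Domain Admins')
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. "Run MBSA ... Patch." - compare installed hotfixes with the required list.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
foreach ($kb in $RequiredHotfixes) {
    if ($installed -notcontains $kb) { $findings.Add("Missing hotfix $kb") }
}

# 2. "Set up SUS." - the update server and the Automatic Updates switch are
#    read from the WindowsUpdate policy keys that a GPO (or SUS client setup) writes.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
if (-not $wu -or [string]::IsNullOrEmpty($wu.WUServer)) {
    $findings.Add('No managed update server (WUServer) set by policy')
}
if ($au -and $au.NoAutoUpdate -eq 1) {
    $findings.Add('Automatic Updates disabled by policy (NoAutoUpdate=1)')
}

# 3. "Find a firewall product if not using XP." - every profile of the
#    built-in firewall must be enabled; Enabled can be True, False or NotConfigured.
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ("$($fwProfile.Enabled)" -ne 'True') {
        $findings.Add("Firewall profile '$($fwProfile.Name)' is not enabled")
    }
}

# 4. "Keep users out of Administrators group." - anything not on the allow-list
#    is a finding. Names come back as COMPUTER\user or DOMAIN\group.
$members = @(Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)
foreach ($member in $members) {
    if ($AllowedAdmins -notcontains $member) {
        $findings.Add("Unexpected member of Administrators: $member")
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'PASS: laptop meets the baseline'
} else {
    $findings | ForEach-Object { Write-Output "FAIL: $_" }
    exit 1
}
```

Run it as `.\Audit-LaptopBaseline.ps1 -RequiredHotfixes KB835732,KB... -AllowedAdmins 'CORP\Domain Admins','LAPTOP01\Administrator'` from an elevated prompt; the non-zero exit code makes it usable as a login script or a scheduled task whose failures land in a log you actually look at. Check 2 deliberately treats "no WUServer" as a failure: a laptop that is only ever on the road, as in the thread, will not see a SUS server unless fygar's VPN-only-email rule forces it onto the network, and this check is how you find the ones that never did.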
Neil (Guest)
Posted: Thu Jun 24, 2004 6:49 pm    Post subject: Re: Korgo Virus

fygar <cpudoc10@hotmail.com> wrote in news:16mld01kv2jhtt550c4at47l8c3v96kc4j@4ax.com:
> Keep users out of Administrators group.
> Keep users out of Administrators group.
> Keep users out of Administrators group.
> Keep users out of Administrators group.
Butch, you're stuttering...
--
Neil MCNGP #30
"you'd do what, to who, for how many biscuits?"
Neil (Guest)
Posted: Thu Jun 24, 2004 6:49 pm    Post subject: Re: Korgo Virus

fygar <cpudoc10@hotmail.com> wrote in news:16mld01kv2jhtt550c4at47l8c3v96kc4j@4ax.com:
> Remove batteries and power cords
the best
--
Neil MCNGP #30
"you'd do what, to who, for how many biscuits?"
fygar (Guest)
Posted: Thu Jun 24, 2004 7:12 pm    Post subject: Re: Korgo Virus

On Thu, 24 Jun 2004 06:49:34 -0700, Neil <neilmcse@nospamforyou.com> wrote:
> fygar <cpudoc10@hotmail.com> wrote in news:16mld01kv2jhtt550c4at47l8c3v96kc4j@4ax.com:
>> Keep users out of Administrators group.
>> Keep users out of Administrators group.
>> Keep users out of Administrators group.
>> Keep users out of Administrators group.
> Butch, you're stuttering...
I've seen people that are supposed to be our peers solve problems that
way so many times that I feel like a broken record every time I have
to deal with it.
I had a small company call me in because their regular consulting firm
couldn't get to this request for a few more days. They wanted a web
based application opened up to the Internet so thier remote employees
could access it. Easy enough, I'll take a look. All the users were
domain admins and there were no passwords on the application (not AD
integrated) I backed away slowly and told them to call me when they
fixed the problems, otherwise I wasn't poking any holes in the
firewall.
These people are paying a lot of money to that consulting firm too.
.....b
Neil (Guest)
Posted: Thu Jun 24, 2004 7:21 pm    Post subject: Re: Korgo Virus

fygar <cpudoc10@hotmail.com> wrote in news:tmnld01u4o3v5jukhrr5qdm70isu9b8n2c@4ax.com:
> I backed away slowly and told them to call me when they
> fixed the problems, otherwise I wasn't poking any holes in the
> firewall.
*shudder*
mommy, that man over there is scaring me....
--
Neil MCNGP #30
"you'd do what, to who, for how many biscuits?"
Vigo Breadcrumbs (Guest)
Posted: Thu Jun 24, 2004 8:25 pm    Post subject: Re: Korgo Virus

fygar <cpudoc10@hotmail.com> wrote in news:tmnld01u4o3v5jukhrr5qdm70isu9b8n2c@4ax.com:
> I've seen people that are supposed to be our peers solve problems that
> way so many times that I feel like a broken record every time I have
> to deal with it.
Ah yes, like the time the Dot Communists insisted I had to change the
service account for a web application to an administrator level one, as it
absolutely wouldn't work otherwise - it wouldn't work because they had
hard-coded names of administrative shares into some of the file paths. Or
how I had to grant that same account SA privileges to the SQL Servers,
because it was "too confusing" to have to owner-qualify some table names...
--
http://www.vigo-alessi.com/images/products/1362.jpg
Jtyc (Guest)
Posted: Thu Jun 24, 2004 8:29 pm    Post subject: Re: Korgo Virus

> Ah yes, like the time the Dot Communists insisted I had to change the
> service account for a web application to an administrator level one, as it
> absolutely wouldn't work otherwise - it wouldn't work because they had
> hard-coded names of administrative shares into some of the file paths. Or
> how I had to grant that same account SA privileges to the SQL Servers,
> because it was "too confusing" to have to owner-qualify some table
> names...
My biggest headache day in day out is crappy programmers.
Frisbee® (Guest)
Posted: Thu Jun 24, 2004 8:33 pm    Post subject: Re: Korgo Virus

Jtyc wrote:
>> Ah yes, like the time the Dot Communists insisted I had to change the
>> service account for a web application to an administrator level one,
>> as it absolutely wouldn't work otherwise - it wouldn't work because
>> they had hard-coded names of administrative shares into some of the
>> file paths. Or how I had to grant that same account SA privileges
>> to the SQL Servers, because it was "too confusing" to have to
>> owner-qualify some table names...
> My biggest headache day in day out is crappy programmers.
On behalf of crappy programmers everywhere, I apologize.
--
Fris "HAHAHAHAHAHAH" bee®, MCNGP #13
The MCNGP Team - We're here to help!
http://www.mcngp.tk
Certaholics
http://groups.yahoo.com/group/certaholics
Vigo Breadcrumbs (Guest)
Posted: Thu Jun 24, 2004 8:37 pm    Post subject: Re: Korgo Virus

"Jtyc" <jtyc_mcngp@spamblockerbitch!@yahoo.com> wrote in news:#6oWFAgWEHA.3716@TK2MSFTNGP11.phx.gbl:
> My biggest headache day in day out is crappy programmers.
If your programmers were crap, the Dot Commies were a sewage plant.
I had the added frisson of Nosferatu's vampiric sleeping habits (i.e., he
mostly didn't) combined with the time offset for Cheapistan. They got six
whole hours to complain that it was "system traubles." Five minutes of my
scalding regard during the daily production meetings cleared up that it
was, in fact, almost always software traubles, but the damage to my
reputation was long since done.
--
http://www.vigo-alessi.com/images/products/1362.jpg
Keyboard Cowboy (Guest)
Posted: Thu Jun 24, 2004 10:07 pm    Post subject: Re: Korgo Virus

> On behalf of crappy programmers everywhere, I apologize.
> --
> Fris "HAHAHAHAHAHAH" bee®, MCNGP #13
Hey, are you a member of the crappy programmers guild too?
kpg (Guest)
Posted: Thu Jun 24, 2004 10:24 pm    Post subject: Re: Korgo Virus

"Keyboard Cowboy" <thekeyboardcowboy@nospam.cybersolutionz.com> wrote in message news:20a0e01c45a0d$c2460560$a601280a@phx.gbl...
>> On behalf of crappy programmers everywhere, I apologize.
>> --
>> Fris "HAHAHAHAHAHAH" bee®, MCNGP #13
> Hey, are you a member of the crappy programmers guild too?
the best