Re: Funlove virus attacking Print ques

From: McDaniel, Tom (Tom_McDaniel@BOSE.COM)
Date: 02/04/02


Date:         Mon, 4 Feb 2002 15:19:01 -0500
From: "McDaniel, Tom" <Tom_McDaniel@BOSE.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


                -----Original Message-----
                From: Schooping, Paul A [mailto:Paul.A.Schooping@usa.xerox.com]
                Sent: Monday, February 04, 2002 2:34 PM
                To: McDaniel, Tom
                Subject: RE: Funlove virus attacking Print ques

                Tom,
                What kind of print queues do you use?

                What exactly do you mean that it is "propagating" in the print queue?

                FunLove of course seeks out open network shares, and infects executables
                it finds there. Is the PrintServer itself getting infected? If so, what OS
                is the Printer server running, and what AV software is on it?

                You didn't share your architecture. It would seem you have some unprotected
                boxes which should be running AV on them if FunLove keeps infecting them.

                Paul A. Schooping
                Global Operations Virus Control Manager
                EDS@Xerox

The systems affected are Win2K advanced server boxes running in a
cluster...They both have Norton Anti Virus CE 7.51 installed in a managed
environment...We believe that these "Remote down level Documents" are coming
from FunLove infected client systems...Every time we are able to catch one,
that is the case...The capability we were asking Symantec for was a
dependable way of sniffing out the culprits...

Tom McDaniel {*}
Business Systems Management
Bose Corporation
