RE: Protecting Home Machines
From: Nicholson, Dale (DNicholson_at_APACMail.com)
Date: 11/24/03
- Previous message: N407ER: "Re: Digital signature Question"
- Maybe in reply to: Sys Sec: "Protecting Home Machines"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Mon, 24 Nov 2003 11:23:22 -0600
Note that if you don't install a firewall before connecting to the internet
to download windows updates you will probably be infected before you have
the chance to complete the downloads.
Just last week I re-dropped a laptop with w2k pro. I installed Tiny and AVG
before connecting. Within 30 seconds of being online Tiny was throwing up
dozens of alerts, one of which looked like nachi.
-----Original Message-----
From: David Gillett [mailto:gillettdavid@fhda.edu]
Sent: Thursday, November 20, 2003 8:22 PM
To: 'Cherian M. Palayoor'; security-basics@securityfocus.com
Subject: RE: Protecting Home Machines
Nachi infects by way of the same vulnerability as MSBlast.
In addition to reinstalling the *OS*, you needed to install the
various security patches to bring it up to date.
David Gillett
> -----Original Message-----
> From: Cherian M. Palayoor [mailto:cpalayoor@cwalkergroup.com]
> Sent: November 20, 2003 11:23
> To: security-basics@securityfocus.com
> Subject: Protecting Home Machines
>
>
>
> I have a remote user whose laptop was severely infected by the trojans
> MSBLAST & WiNSHOW.A.
>
> I reinstalled the OS on the machine following a complete reformat, and
> installed an anti-virus with the latest update. I ran a
> complete scan on the
> machine prior to shipping the machine back to the user.
>
> However as soon as the user took back the machine home, he
> was infected by
> another worm (NACHI.A) within a few minutes of connecting to
> the internet
> through his high speed cable modem. He swears that he had not
> downloaded
> anything nor tried any removable media on this machine.
>
> Following a bit of research on the matter, I am now aware
> that it is possible
> for machines to get infected on the fly especially through
> unprotected home
> internet connections.
>
> The question is, "What do I do to prevent such occurrences which have
> increased of late."
>
> My thanks in advance for any thoughts or words of advise.
>
>
> CP
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------
>
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: N407ER: "Re: Digital signature Question"
- Maybe in reply to: Sys Sec: "Protecting Home Machines"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
