[Intrusions] Interesting little piece of malware...
Chris Norton
kicktd_list at hotmail.com
Tue Sep 21 14:49:05 GMT 2004
>Further, what do I tel management ... when
> they want to know how it got on here in the first place ?
Really it would be hard to tell how it got on your computers there without
knowing the setup of your network, is everything behind a central firewall
etc. It's possible a student with an infected laptop connected to the
network and it spread that way, or maybe someone checked their email and got
it etc. There are several ways for worms/viruses etc. to sneak past
firewalls, all it takes is a human "host" to carry them past.
As for how to clean it out follow the instructions here for R-BOT:
http://www.sophos.com/virusinfo/analyses/w32rbotei.html
--
Chris Norton
UAT Student Software Engineering Network Defense
More information about the Intrusions
mailing list