[unisog] zotob and returning students, what are you going to do?

William O'Malley wo at andrew.cmu.edu
Thu Aug 18 19:44:06 GMT 2005

Nasl scripts from Nessus and/or this tool has been mentioned a bunch:

On 8/18/05 2:12 PM, "Matt Ashfield" <mda at unb.ca> wrote:

> Hey All
> Well, with this new worm out, and students returning in the next couple of
> weeks, we're starting to wonder what impact this is going to have on our
> network when thousands of student home computers show up on campus and
> connect to our network. Most of these are uneducated users who are running a
> mélange of outdated and unpatched versions of Windows.
> <insert Blaster Worm flashbacks here>
> We have a system in place to scan for and apply Windows updates as well as
> do some other scans (spyware and virus) before a user is fully connected to
> the network. But we have noticed a serious flaw. With some versions of
> Zotob, it prevents you from properly applying Microsoft patches. You could
> scan for and remove zotob, THEN apply the patches, but in that short period
> of time between the scan and the patching, will users (we're thinking
> Residence users here mainly) get infected so quick (more blaster
> flashbacks...) that they won't be able to apply the necessary patches in
> time and run into more problems?
> I guess I'm just floating this out here for discussion and am wondering what
> others are doing. We block 445 at the perimeter, but once students are in
> Residence, they pretty much do what they want within that network.
> Matt Ashfield
> Network Analyst
> Integrated Technology Services
> University of New Brunswick
> (506) 447-3033
> mda at unb.ca 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog