You still did not quite cover MLF's questions
Quote:
What was executed ...with administrator privileges...on a server?? and how?
What was the role of this server??
How did the lack of an AV cause an infection?? It is a reactive approach?
There is no problem with leaving a server logged on as administrator, in fact it can prevent a console remote login by another user (although security policies should be preventing this anyway)..... In saying that, if the server is left unattended, the user should lock the computer, requiring the password to be entered again to access it.
Quote:
Both our servers are logged on with ADMINISTRATOR at all times. Don't ask me why. I believe it started duplicating files on a share that the marketing department uses and then just spread like wildfire.
Also, depending on software installed, it may need a user account logged on to work (Read: Application based feed Vs. Installed Service)