
Thread: Portable App

  1. #1
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683

    Portable App

    Hey all

    Yesterday our network got hit very hard by some malware. Panda Corporate didn't spot it and neither did our perimeter defense. Everyone is "trying" to blame someone, blocking Gmail, etc.

    Now instead of fixing the problem the idiot would rather try and "plug" a hole rather than admit that the AV we have implemented is totally crap.

    An AVG PC with an outdated database was able to detect everything on my flash drive.

    Anyhow on my workstation AVG is cleaning things up, however there are 2 production servers left which the boss is on my head for.

    1st server is running stable at the moment.
    2nd server keeps on going into standby mode for some reason. I have checked the power settings etc. and everything is fine; I would assume this is malware based. Every 20 seconds it will go into standby and will pause the work/scan at hand.

    Any ideas how to clean this in a timely manner?

    Thanks
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    First, don't assume anything. It's not unusual to find concurrent issues
    on any given PC, including servers.

    Take a good look at the processes and services running on that server.
    Google anything that doesn't look familiar. Shaking down a server like
    that is a rather more formidable task than doing the same on a desktop.

    You might try something like Portable ClamWin to double-check for any
    viruses. That version is designed to run off a USB stick, but it's easily
    copied to a HDD and run from there. It doesn't need a full-blown install
    like most AV apps, so it's easily installed with a minimum of registry changes.
    It's not the greatest AV app, but it does give you a second opinion.

    HTH.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I have seen workstations infected with viruses... and yes... these can infect certain data areas on a server...

    But I still cannot understand how a server becomes infected with a virus without someone using it to read email or surf the world wide web using the all-powerful administrator account... which is a no-no... basic security 101

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    Quote Originally Posted by morganlefay
    But I still cannot understand how a server becomes infected with a virus without someone using it to read email or surf the world wide web using the all-powerful administrator account... which is a no-no... basic security 101
    I believe this was already covered

    Quote Originally Posted by Cider
    Now instead of fixing the problem the idiot would rather try and "plug" a hole rather than admit than the AV we have implemented is totally crap.
    A chain is only as strong as its weakest link. Same goes for networks, and the programs intended to protect them.


    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I believe this was already covered
    I must be missing it then????

    How did the server become infected???

    maybe you can splain it to me....

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    Quote Originally Posted by Cider
    Yesterday our network got hit very hard by some malware. Panda Corporate didn't spot it and neither did our perimeter defense. Everyone is "trying" to blame someone, blocking Gmail, etc.

    Now instead of fixing the problem the idiot would rather try and "plug" a hole rather than admit that the AV we have implemented is totally crap.

    An AVG PC with an outdated database was able to detect everything on my flash drive.
    The server became infected, as Cider believes, because the AV protection they employed was crap and did not do the job... Much like hiring a night watchman who sleeps on the job - the thieves just slip right by.

    Why the server became infected is simply the nature of the www - ?

    I think Cider's beef is the fact the id10t would rather apply a fix to the issue now and give the night watchman a stern talking to - as opposed to replacing them with a more secure, highly thought of product - Trend would be a nice way to go, I think.


    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    What was executed... with administrator privileges... on a server?? And how?

    What was the role of this server??

    How did the lack of an AV cause an infection?? It is a reactive approach?

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    http://www.malwarebytes.org/

    By far THE best scanner....Good Luck!
    "It is a shame that stupidity is not painful" - Anton LaVey

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Cider, long time no talk.....sorry about that............. will explain later.

    Yesterday our network got hit very hard by some malware. Panda Corporate didn't spot it and neither did our perimeter defense. Everyone is "trying" to blame someone, blocking Gmail, etc.
    Hey, welcome to the world of corporate management pal, and the "blame culture".

    Now instead of fixing the problem the idiot would rather try and "plug" a hole rather than admit that the AV we have implemented is totally crap.
    As I see it, the guy is at least half right. Hell, you obviously do have a "hole" somewhere in your defences. You need to examine:

    1. Your security model and policies.
    2. Your processes to implement that model.
    3. Your procedures to support those processes.
    4. Whether your software and manual activities support your procedures.
    5. Whether your audit, management and enforcement processes support your policies and their infrastructure.

    Security is a layered approach that requires commitment at all levels of an organisation. You cannot buy it off a supermarket shelf like a box of breakfast cereals, and there is no "magic bullet" solution; despite what some vendors would like you to believe.

    You need to look at what attacked you, how it got there, and how it spread. That will tell you where the gaps are. Fix those gaps and then, and only then, can you publicly execute the culprits

    Please remember that if you have a home user, or small business security suite, it is largely pre-configured to provide a reasonable level of protection. Corporate solutions, on the other hand are generally pretty useless out of the box, as there is no way the vendor can make reasonable assumptions regarding corporate architectures.

    If you accept that, then the problem is more likely to be the way that the system was implemented than the product itself. I am sure that you will appreciate this more if you consider firewalls on their own? If you don't know how to set one up, it is worse than useless, as it lulls you into a false sense of security.

    MLF has some good questions.............. what was the malware, and what was the server's role?

    Please remember that you have an "enemy within" and if you let them bring external crap into the company, read their private e-mail, attach unauthorised devices, install unauthorised software, visit their Facebook or other crap, trade on e-bay, and on and on and on............... then just make sure that they know that it is an instant dismissal offence and that they sign up (at least once every 3 months) to the fact that they haven't forgotten that.


  10. #10
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hey all,

    I haven't read all the posts, I will do so and reply to everyone's post.

    Basically this malware was copying every file in the directory it was in. For instance in the root of C:, it would copy every file, whether it was a DLL, Word doc or whatever, and change it to a .exe. All the files that were created were either 631 KB or 218 KB in size and were modified on the same day.

    Basically I uninstalled our AV and put on AVG protection for file servers. This cleaned up everything and ended up with 2.5k infected files. These were the ones that got duplicated.

    This is to answer MLF.

    Both our servers are logged on with ADMINISTRATOR at all times. Don't ask me why. I believe it started duplicating files on a share that the marketing department uses and then just spread like wildfire.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
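The behaviour Cider describes in post #10 (every file in a directory copied to a sibling with a .exe name, all copies about 631 KB or 218 KB, all with the same modification date) is specific enough to hunt for on other shares before relying on a single AV engine. The script below is an added example written for this page; it is not code from the thread or from any product mentioned in it. It assumes the sizes quoted are Explorer-style kilobytes rounded up, that a copy is named either name.ext.exe or name.exe, and it builds its own constructed sample share in a temporary directory so it runs offline. Hits are quarantined by renaming rather than deleted, so samples remain for whoever has to answer MLF's question of what actually ran.

```python
"""Hunt a file share for the .exe copies described in the thread (added example).

Assumptions taken from the post, not verified facts about any real malware:
  * each dropped file is a copy of a sibling file renamed to .exe
    (name.ext -> name.ext.exe or name.ext -> name.exe; both are checked)
  * every copy shows as about 631 KB or 218 KB in Explorer (KB rounded up)
  * the copies cluster on one modification date
"""
import os
import shutil
import tempfile
from collections import Counter
from datetime import date
from pathlib import Path

SUSPECT_SIZES_KB = {631, 218}   # sizes quoted in the post; assumed Explorer KB
FIXED_MTIME = 1_200_000_000     # arbitrary epoch seconds used for the constructed sample


def explorer_kb(nbytes: int) -> int:
    """Size in KB rounded up, which is how Explorer displays file sizes."""
    return -(-nbytes // 1024)


def looks_like_dropped_copy(path: Path, siblings: set, sizes_kb=SUSPECT_SIZES_KB) -> bool:
    """An .exe of a suspect size that shadows a non-.exe file in the same directory."""
    if path.suffix.lower() != ".exe":
        return False
    if explorer_kb(path.stat().st_size) not in sizes_kb:
        return False
    stem = path.name[:-4]       # 'report.doc' from 'report.doc.exe', 'lib' from 'lib.exe'
    for name in siblings:
        if name == path.name or name.lower().endswith(".exe"):
            continue
        if name == stem or Path(name).stem == stem:
            return True
    return False


def hunt(root: Path, sizes_kb=SUSPECT_SIZES_KB) -> list:
    """Walk root and return every file matching the dropped-copy pattern."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        names = set(filenames)
        for name in filenames:
            p = Path(dirpath) / name
            if looks_like_dropped_copy(p, names, sizes_kb):
                hits.append(p)
    return hits


def mtime_days(hits: list) -> Counter:
    """Modification-date histogram; an outbreak like the one described piles up on one day."""
    return Counter(date.fromtimestamp(p.stat().st_mtime) for p in hits)


def quarantine(hits: list, dry_run: bool = True) -> list:
    """Rename hits to *.quarantined so they cannot execute; never delete, so samples survive.
    Returns (old, new) pairs; with dry_run=True nothing on disk is touched."""
    moves = [(p, p.with_name(p.name + ".quarantined")) for p in hits]
    if not dry_run:
        for old, new in moves:
            old.rename(new)
    return moves


def build_sample_tree(root: Path) -> None:
    """Constructed sample share for the demo (synthetic data, not from the incident)."""
    files = {
        "report.doc": 5 * 1024, "report.doc.exe": 631 * 1024,   # hit: name.ext.exe copy
        "lib.dll": 10 * 1024,   "lib.exe": 218 * 1024,          # hit: name.exe copy
        "notes.txt": 2 * 1024,  "notes.exe": 50 * 1024,         # wrong size: not a hit
        "tools/putty.exe": 631 * 1024,                          # right size, shadows nothing
        "tools/readme.txt": 1024,
    }
    for rel, size in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"\0" * size)
        os.utime(p, (FIXED_MTIME, FIXED_MTIME))


def demo() -> dict:
    """Build the sample tree, run the hunt, and return a summary of what was found."""
    root = Path(tempfile.mkdtemp(prefix="share-"))
    try:
        build_sample_tree(root)
        hits = hunt(root)
        planned = quarantine(hits, dry_run=True)
        return {
            "hits": sorted(p.relative_to(root).as_posix() for p in hits),
            "days": len(mtime_days(hits)),
            "quarantine_names": sorted(new.name for _old, new in planned),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Against a real share, call hunt(Path(r"\\server\marketing")) and look at mtime_days() before quarantining anything: two hits spread over months are probably legitimate installers sitting next to their .ini files, while two thousand hits on one date are the outbreak. The size filter is the main guard against false positives, so widen SUSPECT_SIZES_KB only after checking a few hits by hand.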
