A Nasty Little Email - Norton360 - Is it Crap? - Page 4
Page 4 of 4 FirstFirst ... 234
Results 31 to 35 of 35

Thread: A Nasty Little Email - Norton360 - Is it Crap?

  1. #31
    Member neozoon's Avatar
    Join Date
    Dec 2002
    Posts
    33
    Quote Originally Posted by nihil View Post
    Hi neozoon,
    I am afraid that all that tells me is that NEITHER product did their job, which is to protect you? You ended up doing it manually?
    yes, neither detects it as a virus, luckily i found it quickly and could stop it from reaching servers, it was a real pain to find which pcs caught but cleaning was easy:
    kill+find+delete

    the source was a usb disk, an employee keeps working late at his home he brings his files in the usb disk which was infected (so was his home pc of course ^^) but i reported the file to kaspesky

    about the system indicating a problem, the symantec process was there but with few megabytes, i guess it patched it or something to stop it from running

    back to the usb disk, i was going to make a thread and ask if someone had the same issue as me, cause GPO active directory has ways to block usb disk which i tried but unseccessfully. the reading writing authorisations are not spread on the network. but i'll read through out the forum before making the thread ^^
    ps:it's nice to be back to the forums, i was member as student now that i finished, i have time to read and get informed and share knowledge of course ^^
    Last edited by neozoon; April 9th, 2011 at 10:29 AM. Reason: misspelling
    Toka Koka: To receive a reward, an equivalent sacrifice has to be made!

  2. #32
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi neozoon,

    I don't know anything about the size or distribution of your organisation but have you considered what we call a "sheep dip". These are usually older computers that are re-deployed purely as security tools. [The name comes from the troughs of chemicals that farmers use to rid their animals of parasites ]

    I would load one (or more if you need) with Avira AV, Online Armor by Tall Emu, AdAware (interactive scanning set to "on"), WinPatrol from BillP Studios, and Malwarebytes (and anything else you like) The user account should be least empowerment.

    With any luck those will spot any attempts to mess with the system.

    The sheep dips are stand alone, and all media brought from outside the organisation has to be scanned. I would just let Avira scan with the deepest level of scanning and scan compressed files. That process should kick off any malware that one of the products will hopefully detect.

    Disabling Norton without alerting Windows is an interesting touch........this looks rather like a trial run for something more sinister, so you can expect other AV products to be included at a later date. I wonder if it turns off the AV to hide what activity is planned for the future?

    You really should have autorun disabled on your machines, as this is a common way to launch this sort of malware.

    The alternative is not to allow any external media or devices, which may well be counterproductive?

    Given that you don't need that many "sheep dips" the licencing should be reasonable as well.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #33
    Member neozoon's Avatar
    Join Date
    Dec 2002
    Posts
    33
    only symantec had the issue, kaspersky works fine!
    as for "sheep dip", i have some here, but didn't know the name thanks for the tip ^^

    Quote Originally Posted by neozoon View Post
    back to the usb disk, i was going to make a thread and ask if someone had the same issue as me, cause GPO active directory has ways to block usb disk which i tried but unseccessfully. the reading writing authorisations are not spread on the network. but i'll read through out the forum before making the thread ^^
    i'm new in the company, and like i said, their server have trouble spreading the authorisations, if i can solve that, it would be very nice because i wanna tighten the access as much i can on everyone (users have many rights they don't need like installing softs)
    the company leader wants me to solve many issues(that's why he hired an engineer )
    it's problematic and the network is spread on many buildings and cities and many OS(xp,vista,7, and macs), it's really complicated
    for now i handle backing up data, i'm done with it, i'll care about policies next and see what i can improve, i guess it's time to take a day off and then dive into the depths of the forums to try to solve this issue
    sorry for my bad english
    Toka Koka: To receive a reward, an equivalent sacrifice has to be made!

  4. #34
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi neozoon,

    I was afraid that you would have a multiple site, multiple software environment.

    (users have many rights they don't need like installing softs)
    That means that they have at least local admin rights. I would imagine that they logon as such all the time? I would suggest that if you have trusted users in remote locations who you need to be able to take local administrative action, you give them a separate admin ID, and tell them that its use is monitored Otherwise, is remote installation & update possible for you?

    the network is spread on many buildings and cities and many OS(xp,vista,7, and macs), it's really complicated
    Just as I feared! I would guess that this is made worse by all sorts of different applications, and the same applications at different versions?

    If you still have a copy of the malware please send it to Symantec...........I would be interested to know what their response is.

    "Toka Koka"...............we have something similar: "No gain without pain"...........fortunately, it is not mandatory to listen to users screaming
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #35
    Member neozoon's Avatar
    Join Date
    Dec 2002
    Posts
    33
    your fears are confirmed again dear nihil : same applications at different versions since the licences don't have the same price !

    my main fear is that the domain servers were wrongly setup! it would be realy problematic to restart from the begining. working with the current setup won't give results(which happened already when trying to lock usb, it worked on 4/12)

    but i didn't really concentrate on that before so after i finish my reports, i'll dive into that shitty 2003server lol ^^
    Toka Koka: To receive a reward, an equivalent sacrifice has to be made!

Similar Threads

  1. how to finger a user via telnet
    By ai0070 in forum Miscellaneous Security Discussions
    Replies: 6
    Last Post: October 18th, 2004, 11:21 PM
  2. HowTo Interpret Email Headers
    By ShagDevil in forum Other Tutorials Forum
    Replies: 0
    Last Post: June 13th, 2004, 05:46 PM
  3. Chapter 2 - Newbie Questions Answered
    By uraloony in forum The Security Tutorials Forum
    Replies: 6
    Last Post: December 24th, 2003, 01:41 AM
  4. An Intro to ProcMail
    By roswell1329 in forum The Security Tutorials Forum
    Replies: 4
    Last Post: December 10th, 2002, 11:35 PM
  5. How to read email header
    By rajat in forum Roll Call
    Replies: 0
    Last Post: February 20th, 2002, 04:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •