For info and removal instructions on this worm read this from Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.kho.html
You can take some measurements to secure your network by scanning at the SMTP gateway, if you don't have one I would suggest you get one, apparently this has nothing to do with patching, it's using your weak passwords to spread in your network, see under the "Distribution" area in the link. Hope this helps. AM -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 02, 2005 9:51 AM To: ActiveDir (E-mail) Subject: [ActiveDir] worm/bot issues Hi all, i have users that keep getting infected with a worm Symantec calls "W32.Spybot.KHO". The thing keeps coming back unless you disable file and print sharing. The thing I don't understand is that all my clients(winxp) virus defs are up to date and they are all patched. I use SUS and push out patches on a regular basis. I even ran MS baseline security analyzer on the infected boxes and they come up good for up to datedness. I don't really understand how an up to date patched pc can become infected over and over. according to Symantec, the holes that this thing exploits, i've had covered awhile ago. is it possible to be patched and up to date and STILL get infected? is there anyway out of this quagmire? thanks List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- ----------------------------------------------------------------------- This message has been inspected by DynaComm i:mail 5.0 ----------------------------------------------------------------------- -- ---------------------------------------------------------------------- FutureSoft, Inc. 12012 Wickchester Lane, Suite 600 Houston, TX 77079 If you no longer want to receive commercial e-mail correspondence from FutureSoft, you may remove your address from our records by visiting www.futuresoft.com/emailremoval.asp ---------------------------------------------------------------------- List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
