Meneses, Arturo wrote:

It didn't come in via SMTP (I don't know how it came in, frankly). I use a postfix/spamassassin/ClamAV SMTP gateway for my Exchange2k server.
thanks

> For info and removal instructions on this worm read this from
> Symantec:
> http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.kho.html
>
> You can take some measurements to secure your network by scanning at
> the SMTP gateway, if you don't have one I would suggest you get one,
> apparently this has nothing to do with patching, it's using your weak
> passwords to spread in your network, see under the "Distribution"
> area in the link.
>
> Hope this helps.
>
> AM
>
>
> -----Original Message-----
> From: Kern, Tom [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 02, 2005 9:51 AM
> To: ActiveDir (E-mail)
> Subject: [ActiveDir] worm/bot issues
>
>
> Hi all, I have users that keep getting infected with a worm Symantec
> calls "W32.Spybot.KHO". The thing keeps coming back unless you
> disable file and print sharing.
> The thing I don't understand is that all my clients' (WinXP) virus defs
> are up to date and they are all patched. I use SUS and push out
> patches on a regular basis. I even ran MS baseline security analyzer
> on the infected boxes and they come up good for up to datedness.
> I don't really understand how an up to date patched PC can become
> infected over and over.
> According to Symantec, the holes that this thing exploits, I've had
> covered awhile ago.
> Is it possible to be patched and up to date and STILL get infected?
> Is there any way out of this quagmire?
> thanks
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
