more often than I care for...

I'm assuming, since my clients are patched and up to date, that these are 
coming from people outside the company with infected laptops and are spreading 
via weak or no passwords on the local admin accounts on the client boxes.
My servers never get infected and all have strong local admin passwords.
I think running a logon script to change all the local admin passwords to 
something complex will help.
Unfortunately we are a liquor distributor and we have suppliers come in from 
other companies with laptops who want to plug into our network for internet 
access. Management won't let me allot them a room that I can put on a locked 
down VLAN (though they are willing to invest $$ in the Cisco Secure Access 
solution?!!), so I'm kinda screwed on that point.
Hopefully changing the passwords will help (unless you have any other ideas).
Thanks



Douglas M. Long wrote:
> Tom,
> 
> Am I wrong, or do you constantly have these worms/virus problems?
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
> Sent: Wednesday, March 02, 2005 10:51 AM
> To: ActiveDir (E-mail)
> Subject: [ActiveDir] worm/bot issues
> 
> Hi all, I have users that keep getting infected with a worm Symantec
> calls "W32.Spybot.KHO". The thing keeps coming back unless you disable
> file and print sharing.
> The thing I don't understand is that all my clients' (WinXP) virus defs
> are up to date and they are all patched. I use SUS and push out
> patches on a regular basis. I even ran MS Baseline Security Analyzer
> on the infected boxes and they come up good for up to datedness.
> I don't really understand how an up to date patched PC can become
> infected over and over.
> According to Symantec, the holes that this thing exploits, I've had
> covered a while ago.
> Is it possible to be patched and up to date and STILL get infected?
> Is there any way out of this quagmire?
> Thanks
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
