OK, I just could not stay out of this one. Something like 60-70% of these
infections are caused by social engineering, so why not prevent this from
happening in the first place?

Train those users within an inch of their life so that they will have
nightmares even contemplating clicking on something they should not.
Cybercrime is accelerating; check out the sophistication level of the
current fifth generation.

http://www.knowbe4.com/resources/five-generations-of-cybercrime/

Warm regards,

Stu


________________________________
From: Micheal Espinola Jr [mailto:[email protected]]
Sent: Wednesday, July 13, 2011 1:12 PM
To: NT System Admin Issues
Subject: Thought on malware cleaning

Maybe I'm nuts.  Maybe I'm sick of dealing with malware.  But I have some very 
simple questions about things I almost ALWAYS see on infected systems.  Perhaps 
someone here can clarify something for me that I have yet to see Microsoft and 
any antivirus vendor directly address.  I'm gonna start this with one point, 
and then see how the conversation goes:

I almost always see malware injection points in the allusers\appdata folder.  
In these instances I *always* see a reference in one of the "run" registry keys.

As far as I know, this top level appdata folder should NOT contain files at all. 
 I repeat: NO FILES AT F'ING ALL.

Can someone confirm this?  Can someone with contacts at Microsoft or other AV 
providers confirm why this is completely overlooked when scanning?  This is 
where 0-day malware lives very commonly.  This is very easy to check!

Thank you for your time and any vendor reach-outs you can provide.

I'm currently working on a set of scripts to check what I consider very foolish 
things like this.  If anyone wants to team up, please do.

--
Espi
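
The check described in the message above, as an added example that is not part of the original thread or anyone's actual scripts: a read-only PowerShell audit that lists files sitting directly in the all-users application data folder and marks those launched from a "Run" registry key. Resolving the folder through the CommonApplicationData special folder and the particular list of Run keys inspected are assumptions of this example.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumption: the "allusers\appdata" folder is the CommonApplicationData special
# folder (C:\ProgramData on Vista and later, All Users\Application Data on XP).
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')

# 1. Files directly in the top level of that folder (no recursion, hidden included).
$looseFiles = @(Get-ChildItem -LiteralPath $commonAppData -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer })

# 2. Every value under the Run keys inspected here (assumed list, extend as needed).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runEntries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        # GetValue() expands REG_EXPAND_SZ variables such as %ALLUSERSPROFILE%.
        New-Object PSObject -Property @{
            Key     = $key
            Name    = $name
            Command = [string]$regKey.GetValue($name)
        }
    }
})

# 3. Correlate: report each loose file and any Run value whose command contains
#    its full path. Commands written with 8.3 short paths are not matched.
foreach ($file in $looseFiles) {
    $hits = @($runEntries | Where-Object {
        $_.Command.IndexOf($file.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    New-Object PSObject -Property @{
        File          = $file.FullName
        LastWriteTime = $file.LastWriteTime
        InRunKey      = ($hits.Count -gt 0)
        RunValues     = (($hits | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; ')
    }
}
```

Rows with InRunKey set to True are the combination the message describes; the HKCU keys reflect only the account running the script.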




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
[email protected]<mailto:[email protected]>
with the body: unsubscribe ntsysadmin
