On 7 Oct 2011 at 11:49, Micheal Espinola Jr wrote:
>
> No specific sites... well, actually I /can/ get the IP of one of the
> sites. The drive-by added bogus google and bing entries to the hosts
> file in an effort to have another vector on system [re]infection.
> Malwarebytes promptly blocks access to the Romanian IP in question.
>
> Not admin, not aware of any specific unpatched vulnerabilities - but it's
> possible. I've seen the same set of infections on 4 systems in the past two
> weeks. These were all at different medical/dental clients.

Were their 3rd-party Internet-facing programs up to date? I'm thinking mostly
of Adobe Reader, Adobe Flash, and Java. In my experience users don't update
these and sysadmins for small clients often don't either.

99.8% of Commercial Exploits caused by a few unpatched apps
According to an article by Danish security company CSIS, most Windows
infections by commercial malware are the result of failure to patch a few
vulnerable apps: Java JRE (37%), Adobe Reader (and Acrobat) (32%), Adobe
Flash (16%), Internet Explorer (10%), Windows Help (3%), and Apple
Quicktime (2%). MSIE and Windows Help are patched automatically by Windows
Update (which home users should have enabled and which business sysadmins
should be managing), but the other four applications all need to be
updated separately.
http://www.dslreports.com/forum/r26386723-99.8-of-Commercial-Exploits-caused-by-a-few-unpatched-apps
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/