Unless we use "scissors security", how can we avoid things that even the experts can't isolate the code for? This article a while back brought it all into focus for me:

http://www.computerworld.com/s/article/9231418/Elusive_TDL4_malware_variant_infected_Fortune_500_companies_gov_t_agencies

There are some promising products out there like Bromium, but that's for large environments, very new, and probably very expensive. Where does that leave the rest of us?

From: Andrew S. Baker [mailto:[email protected]]
Sent: Thursday, October 11, 2012 10:59 AM
To: NT System Admin Issues
Subject: Re: OT: Scour redirect virus?

The thing about malware is that you really have to avoid it in the first place. Yeah, seems like a Captain Obvious moment, but once the system is impacted, a sophisticated piece of malware is going to do all in its power to stay out of sight, including disabling common/popular AV products.

I did see a lot of links about the Redirect Virus on AVG's community site: http://forums.avg.com/us-en/avg-forums-search

You may already have run into information such as (http://www.pchell.com/support/scour_redirect.shtml), which indicates how insidious this malware can be. The fact that it's a rootkit makes it somewhat problematic to deal with.

Host-based protection needs to move away from the ubiquitous AV toolset.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market.

On Thu, Oct 11, 2012 at 8:47 AM, Christopher Bodnar <[email protected]> wrote:

Just wondering if anyone else has had to deal with this one. Got hit with this on my home machine this week. I am by no means a security expert, so that may have been part of my problem. But I was sort of surprised by the lack of resources/info available out there from the major players (AVG, McAfee, Symantec, etc.). I use AVG and it had no idea the machine was infected, and I couldn't find any mention of it on their support site. Tried both TDSSKiller from Kaspersky and FixTDSS from Symantec, neither of which worked. Finally gave in and tried ComboFix, which really looked like it was questionable, but resolved the problem for me.
Luckily this was relatively harmless in the grand scheme of things. Just very annoying.

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
[email protected]
The Guardian Life Insurance Company of America
www.guardianlife.com
