I'm sorry for what you are going through - but that's impressive if true.

--
ME2

On Wed, Feb 23, 2011 at 10:52 AM, James Rankin <[email protected]> wrote:

> It is locking out unique userids that haven't logged on to the machines in
> question, ever. I can only assume it must be querying the directory in some
> way.
>
> On 23 February 2011 18:50, Micheal Espinola Jr <[email protected]> wrote:
>
>> It attempts to brute-force common accounts with common passwords as a
>> method of authentication in order to spread. Are you seeing something that
>> you would consider /unique/ to your domain?
>>
>> I wasn't aware that it would try to attack unique accounts based on
>> locally cached information, but it certainly wouldn't be a far stretch for
>> what downadup can otherwise do.
>>
>> --
>> ME2
>>
>> On Wed, Feb 23, 2011 at 9:26 AM, James Rankin <[email protected]> wrote:
>>
>>> Right, for my sins I appear to be stuck in the middle of a Conficker
>>> outbreak. I'm not here to advise about security, but five minutes into
>>> outbreak and the glaring hole of Autoplay being enabled is clearly how this
>>> thing is propagating, and they've been told. Fools - they are in the process
>>> of learning the hard way.
>>>
>>> I avoided Conficker in my last few roles thanks to good security
>>> practices, there's one question I can't work out from the Conficker
>>> write-ups though. How does this thing get its list of accounts to attack?
>>> We have accounts locking out right left and centre, but they are clearly not
>>> just accounts that have previously logged on to the local machine. Does
>>> anyone know if this little beastie queries Active Directory in some way?
>>>
>>> TIA,
>>>
>>> JRR
>>>
>>> --
>>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>>> the machine wrong figures, will the right answers come out?' I am not able
>>> rightly to apprehend the kind of confusion of ideas that could provoke such
>>> a question."
>>>
>>> *IMPORTANT: This email is intended for the use of the individual
>>> addressee(s) named above and may contain information that is confidential,
>>> privileged or unsuitable for overly sensitive persons with low self-esteem,
>>> no sense of humour or irrational religious beliefs. If you are not the
>>> intended recipient, any dissemination, distribution or copying of this email
>>> is not authorised (either explicitly or implicitly) and constitutes an
>>> irritating social faux pas.
>>>
>>> Unless the word absquatulation has been used in its correct context
>>> somewhere other than in this warning, it does not have any legal or no
>>> grammatical use and may be ignored. No animals were harmed in the
>>> transmission of this email, although the kelpie next door is living on
>>> borrowed time, let me tell you. Those of you with an overwhelming fear of
>>> the unknown will be gratified to learn that there is no hidden message
>>> revealed by reading this warning backwards, so just ignore that Alert Notice
>>> from Microsoft.
>>>
>>> However, by pouring a complete circle of salt around yourself and your
>>> computer you can ensure that no harm befalls you and your pets. If you have
>>> received this email in error, please add some nutmeg and egg whites, whisk
>>> and place in a warm oven for 40 minutes.*

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
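
Added example, not part of the thread: one way to triage the symptom discussed above, lockouts that hit accounts which have never logged on to the machine causing them. It assumes lockout records naming the caller computer have already been exported from the domain controllers; the record layout, host names, account names and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lockout records: (time, locked-out account, caller computer).
LOCKOUTS = [
    ("2011-02-23 09:01:10", "asmith",  "WKS-014"),
    ("2011-02-23 09:01:42", "bjones",  "WKS-014"),
    ("2011-02-23 09:02:05", "cpatel",  "WKS-014"),
    ("2011-02-23 09:03:30", "dnguyen", "WKS-014"),
    ("2011-02-23 09:15:00", "asmith",  "WKS-022"),
    ("2011-02-23 11:40:00", "asmith",  "WKS-022"),
]
# Constructed logon history: host -> accounts that have ever logged on there.
KNOWN_LOGONS = {"WKS-014": {"asmith"}, "WKS-022": {"asmith"}}


def suspect_hosts(lockouts, known_logons, min_accounts=3,
                  window=timedelta(minutes=10)):
    """Flag hosts that lock out many distinct accounts in a short window,
    where at least one of those accounts has no logon history on that host."""
    by_host = defaultdict(list)
    for ts, account, host in lockouts:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_host[host].append((when, account.lower()))

    report = {}
    for host, events in by_host.items():
        events.sort()
        peak, start = 0, 0
        # Sliding window: largest number of distinct accounts locked out
        # by this host within any `window`-long span.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({a for _, a in events[start:end + 1]}))
        # Accounts locked out from this host that never logged on to it.
        never_seen = sorted({a for _, a in events} - known_logons.get(host, set()))
        if peak >= min_accounts and never_seen:
            report[host] = {"peak_accounts": peak, "never_logged_on": never_seen}
    return report


if __name__ == "__main__":
    for host, detail in suspect_hosts(LOCKOUTS, KNOWN_LOGONS).items():
        print(host, detail)
```

A host that appears in the report is a candidate for isolation and cleaning; a single user repeatedly mistyping a password (WKS-022 in the sample) is not flagged.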
