On Sun, Oct 21, 2012 at 11:25 PM, Pat <[email protected]> wrote:
> Hi Guys,
>
> I'm pitching in to try and contain/slow/delay an outbreak while AV
> signatures have a chance to catch up and lessons are being learned the hard
> way.
>
> Are there any software tools available that can disable or block DLL
> injection? This could help us slow down the spread.
>
> (it's far too late to suggest not running as admin in a 2k3 environment)

I know you're not going to want to hear it, but to paraphrase Agent Smith: "Lieutenant, your workstations are already dead."

If you're aware that it's spreading, it's already too late to "slow" at this point. The only option is to contain it by disconnecting infected machines ASAP. Doubly so if the malware has admin credentials.

Your strategy at this point should be:

* Locate infected machines
* Disconnect them
* If it has admin credentials, change *all* passwords. Users and admins.
* Reimage infected machines
* Pray

Anything else and you'll likely run into it flaring up again at a later date.

--
Ben Jackson - Mayhemic Labs
[email protected] - http://www.mayhemiclabs.com - +1-508-296-0267

"Assume that what is in the power of one man to do, is in the power of another"
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
