RE: Time to check the rate limits on your mail servers

I keep reading these articles and reports about this botnet and that
botnet problem and how many users' PCs are infected.
The only thing I don't see is a way to remove these bots!
Not everyone knows how to even look at their machines for signs of these
bots. Heck, I know most of my guys here don't even know how these bots
work.

It would be impossible to educate everybody but it's better to try than
sitting around blocking this and that and not really solving the issue
at hand.

My .02 cents.

Hi!

> The only thing I don't see is a way to remove these bots!
> Not everyone knows how to even look at their machines for signs of these
> bots. Heck, I know most of my guys here don't even know how these bots
> work.

For a compromised system, insert CD, reinstall!

> It would be impossible to educate everybody but it's better to try than
> sitting around blocking this and that and not really solving the issue
> at hand.
>
> My .02 cents.

If a pro cannot clean it out safely, then I cannot imagine our typical home user would be able to... and with some luck he installs a firewall and antivirus next time, after reinstalling his system for the 4th or 5th time.

Bye,
Raymond.

Joel Perez wrote:

> I keep reading these articles and reports about this botnet and that
> botnet problem and how many users' PCs are infected.
> The only thing I don't see is a way to remove these bots!
> Not everyone knows how to even look at their machines for signs of these
> bots. Heck, I know most of my guys here don't even know how these bots
> work.
>
> It would be impossible to educate everybody but it's better to try than
> sitting around blocking this and that and not really solving the issue
> at hand.

That again. That's not an operational problem. That's a help desk issue. Operational is mail-ops nailing these infected people and net-ops cutting them off at the knees and yanking their connectivity. This is exactly the direction we want things to be heading.

> If a pro cannot clean it out safely, then I cannot imagine our typical home user would be able to... and with some luck he installs a firewall and antivirus next time, after reinstalling his system for the 4th or 5th time.

You may want to check out some AT (Anti-Trojan) software such as The Cleaner and BOclean.

  Gadi.

Hi!

>> If a pro cannot clean it out safely, then I cannot imagine our typical home user would be able to... and with some luck he installs a firewall and antivirus next time, after reinstalling his system for the 4th or 5th time.

> You may want to check out some AT (Anti-Trojan) software such as The Cleaner and BOclean.

You will never be sure you have picked up all, only the known ones. For a compromised system, unless running tripwire or something, reinstall!

It's a nice start, but it also tells people "I am safe", and they don't know for sure. Seeing our abuse department getting tickets over and over about the same customers, it's a fact that they just simply are not able to clean it out easily. Then it's better to insert foot (CD) and start all over.

Bye,
Raymond
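The "tripwire or something" Raymond mentions is a file-integrity baseline: hash every file while the box is known-good, store the hashes off the host, and later diff the live tree against them. The following is an added illustration written for this edit, not code from any poster or from Tripwire itself; the directory layout and file contents are constructed for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path):
    """SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (path relative to root) to its SHA-256.
    Take this snapshot while the system is known-good and keep it off the host,
    otherwise an intruder can simply rewrite the baseline along with the binaries."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                baseline[str(p.relative_to(root))] = hash_file(p)
    return baseline


def compare(baseline, current):
    """Return (added, removed, modified) relative paths, each sorted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, modified


def demo():
    """Constructed scenario: baseline a small tree, then simulate a replaced
    binary, a dropped file and a deleted log. Returns the three change lists."""
    root = Path(tempfile.mkdtemp()) / "bin"
    root.mkdir()
    (root / "login").write_bytes(b"original login binary")
    (root / "ls").write_bytes(b"original ls binary")
    (root / "old.log").write_bytes(b"log")
    baseline = build_baseline(root)
    (root / "login").write_bytes(b"replaced login binary")  # modified in place
    (root / "backdoor").write_bytes(b"new file")            # added
    (root / "old.log").unlink()                             # removed
    return compare(baseline, build_baseline(root))
```

The diff only tells you what changed since the snapshot; a box compromised before the baseline was taken, or one whose baseline lived on the same disk, still gets Raymond's answer: reinstall.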

> You will never be sure you have picked up all, only the known ones. For a compromised system, unless running tripwire or something, reinstall!

You can never be sure, that's why it's a backdoor/Trojan horse.

> It's a nice start, but it also tells people "I am safe", and they don't know

Yes, it is. AV products have not taken Trojan horses seriously for years, and called them "garbage" samples. Now they start to change that due to almost any sample out there being also a Trojan horse, but not drastically enough.

> for sure. Seeing our abuse department getting tickets over and over about the same customers, it's a fact that they just simply are not able to clean it out easily. Then it's better to insert foot (CD) and start all over.

Then using AT programs is a good start. A clean slate is always better, but your grandma won't agree.

  Gadi.

BZZT! But thank you for playing.

Don't *RE*-install. If you got whacked by a bot on Monday, and re-install
Sunday's configuration of software on Tuesday, all that means is that Wednesday
you'll get re-whacked. Lather, rinse, repeat.

Install *SOMETHING ELSE*. Something less vulnerable to all this manure.

(I'll mention the *other* alternative, replacing/upgrading the user, mostly
for completeness and so we can all have a good chuckle)

>You will never be sure you have picked up all, only the known ones. For
>a compromised system, unless running tripwire or something, reinstall!

You can never be sure, that's why it's a backdoor/Trojan horse.

>It's a nice start, but it also tells people "I am safe", and they don't know

Yes, it is. AV products have not taken Trojan horses seriously for
years, and called them "garbage" samples. Now they start to change that
due to almost any sample out there being also a Trojan horse, but not
drastically enough.

>for sure. Seeing our abuse department getting tickets over and over
>about the same customers, it's a fact that they just simply are not able
>to clean it out easily. Then it's better to insert foot (CD) and start
>all over.

Then using AT programs is a good start. A clean slate is always better,
but your grandma won't agree.

Unfortunately, starting over in some operating systems means re-installing
EVERYTHING, and since applications tend to get installed over time, the
installation media for each and every app may not be available. Backups
are not very useful, because just placing the executables and the work
product/data files in the right place will not work in some Windows systems
if the proper registry entries are not there.

Also, if you reinstall in the wrong order you can wind up in DLL hell.

...which simply reinstalls the old vulnerabilities that made the machine
susceptible to compromise in the first place. If you can't patch up from
the buggy baseline in time, reinstalling from original media is often
the worst thing you can do, if the machine is still connected to the
network. And if the machine is NOT connected to the network, it is often
not possible to get the security updates downloaded that patch the
vulnerabilities.

> I keep reading these articles and reports about this botnet and that
> botnet problem and how many users' PCs are infected. The only thing
> I don't see is a way to remove these bots!

http://www.sun.com/software/javadesktopsystem/features.xml
http://www.apple.com/macosx/
  
matto

--matt@snark.net------------------------------------------<darwin><
              The only thing necessary for the triumph
              of evil is for good men to do nothing. - Edmund Burke