|
|
|||||||
***totally un-kix related rant, sorry about the off topic post*** By "it", I mean the type of "it" with a "sh" in fount of it. Why yes, we were hit by the veryfunny.vbs thing this morning. A set of circumstances, that only the great administrator in the sky could bring about, was the cause of my new ulcer. 1. Some how an attachment got past our exchange server at 12:03am (central time), I am still looking into that. 2. We have virus scan on all the computer (500+) to handle this very thing. 3. On 6 of those computers (all win9x) they were in the middle of upgrading. Mcafee was not running when they ran the virus... 2000+, and climbing, virus/email latter, the email server is still paying catchup and i won't hook it back up for at least another 3 hours. On the 6 users... I never installed WSH/VBS, they did it on their own. I want their heads on a pike! As a side note we normally get about 5-10 incoming virus hits a week. Email server is set to scan all attachments. I am suspecting a Yahoo type mail account was the security hole.
|
||||||||
|
|
|||||||
Bryce! I read your scripts as a virusvarning. I have no help for you, but when you get the time please reply to this: I am using Norton-antivirus, so i might get some alerts you don't receive and vica versa. We where hit by the LoveLetter virus some time ago. After that i disabled WSH/VBS on all workstations via the logon-script. Erik [This message has been edited by kholm (edited 23 October 2000).] |
||||||||
|
|
|||||||
Erik: Yes I am implementing the kix removal of wsh/vbs by using the logon script (I should have done this long ago!!) We were hit by veryfunny.vbs it is just a loveletter variant. I am also going to be reevaluating the latest security update for outlook. And will try to implement it before the end of the week.... I still haven't been able to find out how the attachment got through, but it look's like my virus scanner failed (Mcafee GroupShield). The initial user received the attachment at 6:45am. Several other people also received the same email, but the server caught and cleaned those, but not her's. At 9:11am she ran the attachment, her local virusscan was disabled waiting on a reboot to bring it up the latest version. At 9:12 the second user ran the attachment, and then the next user..... until a total of 7 people had ran the virus, resulting in a complete and total overload for the server based virusscan to catch them all. I was out of the building and I wasn't informed until almost an hour after the initial infection. That is when one of my help desk tech's shutdown both mail servers, while scrambling to get in touch with me (At this time I was on my back upstairs to my office). It took me another 20 min to get up to speed and get the servers running on a separate network, also hooked my self up to this separate network. Started a Scan On demand at 10:02am and at 4:12pm it just finished For those who are interested... Total number of infected email's was..... 4095!! ...... yea.
|
||||||||
|
|
|||||||
Hya Bryce.., Hope you did get some sleep yesterday. All the 600+ users in our domains are code-developers and they need VBS-**IT..!! During the 'LoveLetter'-rage I had a script which (with 1 click) would remote (forcefully) shutdown a system, deletes it's network configuration from it's registry and removed it from the domain.. Fortunatly I had to use this only twice..!! I wish you luck and good speed with recovering from this **IT ------------------ Fabian. -----------------Paranoia is reality on a finer scale----------------- |
||||||||
|
|
|||||||
We are already back up and running, the 7 infected computers have been cleaned and no more mr. nice administrator What cause this to happen was the fact that I was not forcing the win9x computers to reboot after a Mcafee update. Well as of this morning they will have no choice but to reboot. I also am making the default action for vbs files to be opened in notepad.exe. Bryce |
||||||||
|
|
|||||||
Preventing virus-attacks via Outlook-mail Security patch for Outlook 2000/98 Bryce I had just initiated the rollout of the patch last friday (10/20/2000), that was why i was curious (Now installed on 505 of 540 workstations on the LAN, the rest hasn't been logged onto yet, i am stil I haven't had any bad experiences after installing it, quite the opposite, users are now prevented from Security patch for Outlook 2000/98 When installed it is easy to change settings, works via the Outlook form: Outlook security setting. It is now possible to remove filetypes from Level 1: Files not possible to send and receive, this By default the "Unsafe" (Level1) files are: Look in Information About the Outlook E-mail Security Update Erik [This message has been edited by kholm (edited 25 October 2000).] |
||||||||
|
|
|||||||
BRYCE, Dude, I feel your pain. Hope this makes you feel better. code:$a = 6
------------------ [This message has been edited by BoxKite (edited 25 October 2000).] |
||||||||
|
|
|||||||
I also replaced all wscript.exe and cscript.exe files with a renamed notepad.exe user: "why does notepad open every time I read this email" |