Security Basics
Bad Antivirus Jan 30 2013 03:39AM
sec milis (sec melis gmail com) (1 replies)
RE: Bad Antivirus Jan 30 2013 05:31PM
Dan Lynch (DLynch placer ca gov)
You can no longer trust those servers. Cut your losses, format, re-install, and restore the executables from known-good backups. Change any passwords that may have been typed at the server's console, or stored or cached locally on the server. If the servers stored or handled any sensitive data, make the appropriate notifications. Evaluate any other hosts in the environment, keeping in mind that this can spread via shares and removable drives. Then determine how the infection occurred, and take steps to ensure that it doesn't happen again.

Dan Lynch
Information Technology Analyst
County of Placer
Auburn, CA

> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com]
> On Behalf Of sec milis
> Sent: Tuesday, January 29, 2013 7:40 PM
> To: security-basics (at) securityfocus (dot) com; bugtraq (at) securityfocus (dot) com
> Subject: Bad Antivirus
>
> Dear folks,
>
> I have 3 W2K3 servers, each running the same software binary exe files. One
> month ago, they were infected with some rootkits and viruses, which I later
> learned from antivirus detection are malware called sality, ipz, etc.
> After installing a new antivirus, which revealed the malware, some of my software
> seems not to be running as expected. At the moment, I suspect that the malware is still
> there because the AV may not be capable of cleaning them all. I tried using 3 or 4 of the most
> popular AVs, but all claimed the servers are clean while my software
> couldn't run smoothly. In fact, some of the exe files have changed in size, and I
> am not sure whether this change was made by viruses or by the 'bad' AV I just installed.
> If I try to prove that my exe files have been changed by this 'bad' AV, does anyone
> know how to prove this? By reversing these exe files, is it possible to find out
> which part of the files has changed?
>
> Thanks
>
> Ibha ID
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate In this guide we
> examine the importance of Apache-SSL and who needs an SSL certificate. We
> look at how SSL works, how it benefits your company and how your customers
> can tell if a site is secure. You will find out how to test, purchase, install and use
> a thawte Digital Certificate on your Apache web server. Throughout, best
> practices for set-up are highlighted to help you ensure efficient ongoing
> management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
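
Added example (not part of either message above): one way to show whether, and where, an executable taken from a server differs from its known-good backup copy. It hashes both files, lists the differing byte ranges, and maps each range to a PE section of the server copy; the script name and the two file names in the usage line are hypothetical.

```python
import hashlib
import struct
import sys
from pathlib import Path

def pe_sections(data):
    """Return [(name, raw_offset, raw_size)] from a PE file's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    table = pe + 24 + opt_size                              # first section header
    rows = (struct.unpack_from("<8sIIII", data, table + 40 * i) for i in range(nsect))
    return [(n.rstrip(b"\0").decode("ascii", "replace"), roff, rsize)
            for n, _, _, rsize, roff in rows]

def diff_ranges(good, suspect):
    """Half-open (start, end) byte ranges where the two files differ."""
    n = min(len(good), len(suspect))
    ranges = []
    for i in (i for i in range(n) if good[i] != suspect[i]):
        if ranges and ranges[-1][1] == i:
            ranges[-1][1] = i + 1          # extend the current run
        else:
            ranges.append([i, i + 1])
    if len(good) != len(suspect):          # bytes present in only one file
        ranges.append([n, max(len(good), len(suspect))])
    return [tuple(r) for r in ranges]

def locate(offset, sections):
    """Name the section whose raw data contains a file offset."""
    for name, roff, rsize in sections:
        if roff <= offset < roff + rsize:
            return name
    first = min((roff for _, roff, rsize in sections if rsize), default=0)
    return "headers" if offset < first else "outside all sections"

def compare(good, suspect):
    """Compare a known-good backup copy with the copy taken from the server."""
    secs = pe_sections(suspect)
    return {"sha256": [hashlib.sha256(b).hexdigest() for b in (good, suspect)],
            "size_delta": len(suspect) - len(good),
            "changes": [(s, e, locate(s, secs)) for s, e in diff_ranges(good, suspect)]}

if __name__ == "__main__":                 # usage: compare.py good.exe suspect.exe
    a, b = (Path(p).read_bytes() for p in sys.argv[1:3])
    print(compare(a, b))
```

Run it on a clean machine against copies of the files, since output produced on the affected servers cannot be trusted.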
