Archive for month: January, 2009
30 January, 2009 (12:49) | General, Malware, Security, Software, tools | By: admin
Sophos recently released an emergency boot disk for cleaning up pesky infections. The 85 MB ISO boots straight into a Sophos Antivirus menu with 5 options: Scan for Viruses (detect only), Disinfect Viruses, Delete Viruses, Keyboard Layout, and Bash Shell. Simple, easy and free (with eval credentials). Update: Testing shows that this disk is missing support [...]
Tags: Antivirus, boot disk, emergency cleanup, Sophos | 2 comments
30 January, 2009 (09:29) | General, Microsoft, Security, Software | By: admin
Found a great article while browsing Schneier on Security. This chunk was real interesting because I see this behavior associated with variants of Troj/Virtum (Virtumundo). make a poller which continuously polls about every 10 seconds or so to see if the BHO was there and alive. If it was, great. If it wasn’t, [ the [...]
Tags: Malware, virtum, virtumundo | No comments
26 January, 2009 (14:53) | General, Malware, Microsoft, Security, Software, Web, network | By: admin
Symantec has a great write-up of Conficker and how it attempts to spread across the network. I wish more organizations would publish detailed information like this. Update: Added 5 more links from Symantec including a resolve tool for clearing Conficker. Downadup: Small Improvements Yield Big Returns; Downadup: A Lock with No Key; Downadup: Geo-location, [...]
Tags: conficker, exploit, MS08-067, removal, symantec, virus, worm | No comments
26 January, 2009 (12:28) | General, Security, Software, Web | By: admin
If you’re using an installer package to deploy Sophos Antivirus, you’ll have the invalid manifest error if the package was created prior to Dec 11th. Unless there is any custom scripting, the fix is very simple. Following the instructions from the Sophos Website, simply open the archive (zip, rar etc…) and replace the contents of [...]
Tags: cert, invalid manifest, manifest, sau, Sophos, sophos autoupdate, updating | No comments
22 January, 2009 (09:23) | General, Security, Software, Web, tools | By: admin
Lenny Zeltser, a handler at SANS Internet Storm Center, wrote a great article on Data Mining Twitter. I spent the next three hours trying out a few techniques outlined in the article. One item of interest made me laugh because it’s something I regularly do. As you gather information on Twitter, be mindful of others [...]
Tags: data mining, misdirection, Twitter | No comments
22 January, 2009 (07:11) | General, Hardware | By: admin
My trusted brand of hard drives, Seagate, is having major issues with their Barracuda 7200.11. With reported failure rates of 30%, Seagate is now offering free data recovery for those drives.
Tags: barracude, data recovery, faulty, hd failure, seagate | No comments
21 January, 2009 (21:11) | General, Malware, Microsoft, Security, Software, network | By: admin
Nearly three months after the release of MS08-067, W32/Conficker is still spreading. Here is a series of links to understand and combat the threat. Microsoft Malware Protection Center MSRT Released Addressing Conficker US-CERT Technical Cyber Security Alert TA09-020A
Tags: Malware, Microsoft, MS08-067, W32/Conficker, worm | 1 comment
20 January, 2009 (06:30) | General, Malware, Microsoft, Security, Software, Web, network | By: admin
TechRepublic has a great article today on botnet recruiting methods and basic defense. Check it out here.
Tags: botnet, Malware, Microsoft, network, Security | No comments
19 January, 2009 (22:56) | General, Security, Web, network | By: admin
My favorite folks at SANS ISC are reporting the start of a DDOS attack that is using open DNS servers to amplify their attack. You can test your DNS servers from their site here.
Tags: DDOS | No comments
16 January, 2009 (14:13) | General, Security, Software | By: admin
If your Sophos Antivirus clients have mysteriously stopped updating on Jan 16th, here’s the link for you. A new security certificate was put in place for all clients starting Dec 11th. If your clients haven’t updated since then, all further updates will fail until you take the corrective steps in the link above. A failure [...]
Tags: Antivirus, invalid manifest, Software, Sophos | 1 comment