Home page logo
/

basics logo Security Basics mailing list archives

RE: Protecting Home Machines
From: "Nicholson, Dale" <DNicholson () APACMail com>
Date: Mon, 24 Nov 2003 11:23:22 -0600

Note that if you don't install a firewall before connecting to the internet
to download windows updates you will probably be infected before you have
the chance to complete the downloads.

Just last week I re-dropped a laptop with w2k pro.  I installed Tiny and AVG
before connecting.  Within 30 seconds of being online Tiny was throwing up
dozens of alerts, one of which looked like nachi.



-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Thursday, November 20, 2003 8:22 PM
To: 'Cherian M. Palayoor'; security-basics () securityfocus com
Subject: RE: Protecting Home Machines


  Nachi infects by way of the same vulnerability as MSBlast.
In addition to reinstalling the *OS*, you needed to install the
various security patches to bring it up to date.

David Gillett


-----Original Message-----
From: Cherian M. Palayoor [mailto:cpalayoor () cwalkergroup com]
Sent: November 20, 2003 11:23
To: security-basics () securityfocus com
Subject: Protecting Home Machines



I have a remote user whose laptop was severely infected by the trojans
MSBLAST & WiNSHOW.A.

I reinstalled the OS on the machine following a complete reformat, and
installed an anti-virus with the latest update. I ran a 
complete scan on the
machine prior to shipping the machine back to the user.

However as soon as the user took back the machine home, he 
was infected by
another worm (NACHI.A) within a few minutes of connecting to 
the internet
through his high speed cable modem. He swears that he had not 
downloaded
anything nor tried any removable media on this machine.

Following a bit of research on the matter, I am now aware 
that it is possible
for machines to get infected on the fly especially through 
unprotected home
internet connections.

The question is, "What do I do to prevent such occurrences which have
increased of late."

My thanks in advance for any thoughts or words of advise. 


CP


--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]