We've got HackerDefender.gen.c on the loose here. Several of our servers, one or two of other people's, and a few workstations, mostly here.
Wonder how it got in? Wonder how it spread around?
For workstations we're telling people to re-install Windows, so my bit's easy.
For servers, Shaz is telling people how to make it reveal itself so it can be deleted (Sysinternals utility RootkitRevealer), though VirusScan will get it in Safe Mode. Then he wants all pws changed and a security audit of the machine. He knows his stuff - so many people here don't even think about security until it's too late. The campus perimeter firewall is still on "only shut down threats that have caused problems" instead of "only open what's required".
"People need to work from home" - well make them use ssh and validate by IP, not just passwords, FFS.
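As an added illustration of the two points above (not code from the original post): a POSIX sh script that emits a default-deny inbound nftables ruleset, opening SSH only to an allowlist of source addresses, plus an sshd_config fragment that accepts password logins only from those same addresses. The allowlist addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: emit a default-deny ("only open
# what's required") inbound firewall ruleset for nftables plus an sshd_config
# fragment that accepts password logins only from an allowlist of source
# addresses. Addresses used below are constructed placeholders (RFC 5737 ranges).

# $1: space-separated allowlist of source CIDRs permitted to reach SSH.
gen_ruleset() {
    printf 'table inet filter {\n'
    printf '  chain input {\n'
    printf '    type filter hook input priority 0; policy drop;\n'   # deny by default
    printf '    iif lo accept\n'
    printf '    ct state established,related accept\n'
    printf '    ct state invalid drop\n'
    for cidr in $1; do
        # Open port 22 only to the listed sources; nothing else is opened.
        printf '    ip saddr %s tcp dport 22 ct state new accept\n' "$cidr"
    done
    printf '    log prefix "inbound-drop: " drop\n'                # keep evidence
    printf '  }\n'
    printf '}\n'
}

# $1: same allowlist. Passwords are accepted only from those sources; every
# other source is key-only, so a source-IP check backs up the password.
gen_sshd_fragment() {
    list=""
    for cidr in $1; do list="${list:+$list,}$cidr"; done
    printf 'PasswordAuthentication no\n'
    printf 'PubkeyAuthentication yes\n'
    printf 'Match Address %s\n' "$list"
    printf '    PasswordAuthentication yes\n'
}

ALLOW="192.0.2.0/24 198.51.100.7"   # constructed placeholder allowlist
gen_ruleset "$ALLOW"
gen_sshd_fragment "$ALLOW"
```

The emitted ruleset can be syntax-checked without applying it via `nft -c -f <file>`, and the sshd fragment with `sshd -t` once placed in sshd_config.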