Yager is a Mac Enterprise software writer (surprisingly, one exists). He experimented with a Windows server and was infected by the "MS06-040" worm. Since then he's been writing about the sequelae. He quotes a SANS article:
You really cannot and

I wonder how NAV handles this. I've been unimpressed by NAV, though my current XP solution, Windows OneCare (or whatever it's called), has its own issues.
* Even if you delete the keys that start the malware, your settings will be mangled, e.g. a test infection with the wgareg.exe:
  * created 17 new registry keys
  * modified 77 other keys including keys used for firewalls, sharing of files, etc.
* That was just the infection itself, no follow up, no communications with the C & C
* Like any bot it is unpredictable in what the C & C caused the bot to do
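The point quoted above, that removing the autostart keys still leaves other settings changed, can be checked by diffing a registry export taken before infection against one taken after cleanup. This is an added example, not code from this post or from SANS; the key names and values in the two samples are constructed for illustration and are not the worm's recorded changes.

```python
import re

SECTION = re.compile(r"^\[(.+)\]$")                   # [HKEY_...\path]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')   # "name"=data or @=data

def parse_reg(text):
    """Parse regedit / `reg export` text into {key_path: {value_name: raw_data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith(",\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        section, value = SECTION.match(line), VALUE.match(line)
        if section:
            current = keys.setdefault(section.group(1), {})
        elif value and current is not None:
            current[value.group(1)] = value.group(2)
    return keys                           # header, blanks and ; comments match nothing

def diff_snapshots(before, after):
    """Return keys created, deleted, and modified (with the value names that differ)."""
    modified = {}
    for key in before.keys() & after.keys():
        names = before[key].keys() | after[key].keys()
        changed = sorted(n for n in names if before[key].get(n) != after[key].get(n))
        if changed:
            modified[key] = changed
    return {"created": sorted(after.keys() - before.keys()),
            "deleted": sorted(before.keys() - after.keys()),
            "modified": modified}

# Constructed samples: a clean baseline, and the same host after the autostart entry was removed.
BASELINE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"""
AFTER_CLEANUP = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleLeftover]
"Marker"="1"
"""

if __name__ == "__main__":
    print(diff_snapshots(parse_reg(BASELINE), parse_reg(AFTER_CLEANUP)))
```

In the constructed samples the Run key matches the baseline again, yet the diff still reports the firewall value as modified and a leftover key as created.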
The bottom line is that in the new XP world backups are increasingly important -- because if you get infected you'll need to wipe everything, restore data only to some safe location, cleanse the data, then restore the data -- if that can be done. Hmm. Maybe the better solution is to restore the data to an OS X machine and forget XP.
I wish I knew how many NAV users who think they don't have a problem are infected; I have no idea how common that is.