Educause Security Discussion mailing list archives

Re: what is your advice to your users


From: Jeni Li <jeni.li () ASU EDU>
Date: Wed, 4 Jan 2006 09:06:01 -0700

I am very reluctant to roll out the 3rd party patch for fears 
of how it will impact the installation of the official
Microsoft patch when it arrives. 

FWIW... the third-party patch can be removed easily through the Add/Remove Programs control panel before installing the 
Microsoft patch. I don't think you could say the same for the malware installed by exploit payloads over the next week.

Here is a report from an InfraGard member who was infected last week:

<begin quote>
"I really hate to admit it, but I caught this bug [the WebHound payload] on my desktop yesterday afternoon just before 
going home for the day. I had to shut the machine down overnight and do the remedial work this morning. It had totally 
taken over my desktop, and although I never got as far as the "registration" phase, I was unable to regain control of 
the machine. This morning I booted into Safe Mode with a Command Prompt, and ran the system restore, going back to a 
save from the 19th. The machine came right up, complete with desktop icons and a taskbar (both missing the night 
before), and I immediately updated Symantec, SpyBots and Ad-Aware, ran all of them, then got StopZILLA and ran that. 
I'm back in business.

"This was the first worm, virus or malware that has gotten me in many years. And it is a hairy one. Be careful.

"By the way, I picked it up at a site where amateur musicians post their music for folks to hear. I was trying to hear 
a tune performed by the mother of one of the scouts in my kid's Cub Scout Den. I figured that was a pretty safe place 
to hang out, but I was wrong."
<end quote>

Jeni Li
Web/Unix Systems Administrator
Arizona State University, at the Polytechnic campus
