Re: Antivirus firms discover Bots

["Gregh" <chows () ozemail com au>]

----- Original Message ----- 
From: "Sean Donelan" <sean () donelan com>
To: <nanog () merit edu>
Sent: Sunday, May 16, 2004 9:45 AM
Subject: Antivirus firms discover Bots


> I'm glad that anti-virus firms are noticing the growth of Bots.
> Unfortunately, their guestimating ability is still woefully inadequate.
>
> Even frequent updates to anti-virus software won't help.  Many
> bots disable automatic updates and block access to the antivirus
> sites.  By the time anti-virus software detects somethings wrong,
> its already too late.  The solution is to make certain your computer is
> not compromised, instead of relying on anti-virus to clean it up later.


Please note the "removal tool" from Mcafee, called Stinger, has also been
targeted by some. Just attempting to run it off a floppy or CD will not work
nor will it be allowed, by some of them, to be copied to HD. The simple
answer is to download it and rename it to something else before introducing
it to the new machine AND booting safe mode for Windows machines to get it
going, anyway.

I have also noted that permissions on XP machines have been altered but so
far have not noticed the Admin account being changed at all unless the user
is actually using the setup Admin account as the only account on the
machine.

Greg.