Infected Bot machines

["Crawford, Charles D" <ccrawf () KU EDU>]

Good Monday Morning,

Are any other schools having problems with the many variants of the
Rbot, Sdbot infections?  We are seeing an increase over the weekend of
these infected hosts targeting selected systems in what appears to be a
DDOS attack.. I know imagine that...IRC doing malicious activity :)

Anyway I am curious as to what other Universities are doing in regards
to  recommended procedures for cleaning these systems up, as I have
found that AV utilities only work about half the time, if that.

I have been suggesting to do full system reimages, changing passwords,
etc but am having a hard time convincing management that is the best
route.

Thank you,

Charles Crawford
IT Security Officer
University of Kansas
(785)864-0491
ccrawf () ku edu
www.security.ku.edu

> Any revelation of a secret happens by the mistake of [someone] who
> shared it in confidence.  
> -- La Bruyere, 1645-1694
>      
>             

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.