PaulDotCom mailing list archives

Re: LAN Virus outbreak Procedures


From: d4ncingd4n () gmail com
Date: Thu, 2 Sep 2010 23:16:13 +0000

If you know the name of the executable files, you may be able to use a software restriction policy in Active Directory to kill or limit the virus.

Try to determine the infection mechanism. Don't forget to check any backup media, USB keys, etc. to prevent reinfection.

If you can isolate infected hosts as Russell mentioned, it will make it easier. 

As far as prevention, make sure the users are running with least user privileges, remove unneeded software from the machines, keep ALL software patched, not just MS products (removal of unneeded software makes this easier), disable unneeded services, use different administrator passwords for each local machine if possible (to stop worms and pass the hash), segment critical machines (911) from web surfing machines on the network, etc. *User education*. Use this episode to illustrate the risks. (Do you really want someone to die because 911 is down because you infected your machine playing Farmville?)

Good luck!

Bart
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Tyler Robinson <pcimpressions () gmail com>
Sender: pauldotcom-bounces () mail pauldotcom com
Date: Thu, 2 Sep 2010 13:24:11 
To: PaulDotCom Security Weekly Mailing List<pauldotcom () mail pauldotcom com>
Reply-To: PaulDotCom Security Weekly Mailing List
        <pauldotcom () mail pauldotcom com>
Subject: Re: [Pauldotcom] LAN Virus outbreak Procedures

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com