PaulDotCom mailing list archives
Re: The dreaded outbreak scenarion
From: Pat <nutjob.ie () gmail com>
Date: Mon, 22 Oct 2012 16:20:07 +1100
Hi Alison,

Similar problem, variant of xpaj. File infection virus with heavy encryption. It is spreading using mapped network shares and, from pcap logs, does not seem to be taking the approach of actively jumping hosts. It is not, as far as I can tell, using remote exploits. Its first action is to load and inject itself into svchost, explorer and really any process it can. This is what I'd like to stop to buy time, and the easy way would be not to have administrative logins, but we're now long past that stage.

So I'm curious if there is a process to disable DLL injection or set the NT loader lock, hook debug APIs myself and disable them, or similar to prevent it going resident. If not I may try and take it on as a side project to see if I can come up with something.

Thanks,
Pat

On Mon, Oct 22, 2012 at 4:02 PM, allison nixon <elsakoo () gmail com> wrote:
> > DLL injection
>
> What exactly are you talking about here? Is this an outbreak of some worm that abuses a Windows networking protocol? Like something Conficker-ish? Make sure a machine is patched against these vulnerabilities before putting them on the network. The latest patch ought to do it. Also using firewalls to block ports used by the vulnerable service should help.
>
> On Sun, Oct 21, 2012 at 11:25 PM, Pat <nutjob.ie () gmail com> wrote:
>
> > Hi Guys,
> >
> > I'm pitching in to try and contain/slow/delay an outbreak while AV signatures have a chance to catch up and lessons are being learned the hard way. Are there any software tools available that can disable or block DLL injection? This could help us slow down the spread. (It's far too late to suggest not running as admin in a 2k3 environment.)
> >
> > Regards,
> > Pat
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
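As an added triage aid for the question above (example code written here, not from anyone in the thread): a PowerShell snippet that lists modules loaded into running processes from outside the usual trusted directories, a first pass at spotting a DLL injected into svchost or explorer. The trusted-root list is an assumption and should be extended for the environment; run it elevated so the module lists of system processes are readable.

```powershell
# Added example (not from the thread): flag loaded modules that live outside
# the usual trusted directories, as a quick triage aid for injected DLLs.
# Trusted roots are an assumption; add your own software directories.
$trustedRoots = @(
    $env:SystemRoot,
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ } | ForEach-Object { $_.ToLower() }

function Test-TrustedPath {
    param([string]$Path)
    if (-not $Path) { return $false }   # no resolvable path: treat as suspicious
    $p = $Path.ToLower()
    foreach ($root in $trustedRoots) {
        if ($p.StartsWith($root + '\')) { return $true }
    }
    return $false
}

$findings = @()
Get-Process | ForEach-Object {
    $proc = $_
    try {
        $modules = $proc.Modules
    } catch {
        return   # access denied or process already gone; skip it
    }
    foreach ($m in $modules) {
        if (-not (Test-TrustedPath $m.FileName)) {
            $findings += New-Object PSObject -Property @{
                ProcessName = $proc.ProcessName
                PID         = $proc.Id
                Module      = $m.ModuleName
                Path        = $m.FileName
            }
        }
    }
}

# One row per (process, module) outside the trusted roots; review these first.
$findings | Sort-Object ProcessName, PID |
    Select-Object ProcessName, PID, Module, Path |
    Format-Table -AutoSize
```

Legitimate software installed under user profiles or custom paths will also show up, so treat the output as a worklist for hash and signature checks rather than a verdict.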
Current thread:
- The dreaded outbreak scenarion Pat (Oct 21)
- Re: The dreaded outbreak scenarion allison nixon (Oct 21)
- Re: The dreaded outbreak scenarion Pat (Oct 22)
- Re: The dreaded outbreak scenarion gold flake (Oct 22)
- Re: The dreaded outbreak scenarion allison nixon (Oct 22)
- Re: The dreaded outbreak scenarion Ben Jackson (Oct 22)
- Re: The dreaded outbreak scenarion Ryan (Oct 22)
- Re: The dreaded outbreak scenarion Pat (Oct 22)
- Re: The dreaded outbreak scenarion Mike () pauldotcom com (Oct 23)
- Re: The dreaded outbreak scenarion allison nixon (Oct 21)