PaulDotCom mailing list archives

Re: The dreaded outbreak scenario


From: Ben Jackson <bbj () mayhemiclabs com>
Date: Mon, 22 Oct 2012 09:14:59 -0400

On Sun, Oct 21, 2012 at 11:25 PM, Pat <nutjob.ie () gmail com> wrote:
Hi Guys,

I'm pitching in to try and contain/slow/delay an outbreak while av
signatures have a chance to catch up and lessons are being learned the hard
way.

Are there any software tools available that can disable or block DLL
injection? This could help us slow down the spread.

(It's far too late to suggest not running as admin in a 2k3 environment.)

I know you're not going to want to hear it, but to paraphrase Agent
Smith: "Lieutenant, your workstations are already dead."

If you're aware that it's spreading, it's already too late to "slow" it
at this point. The only option is to contain it by disconnecting
infected machines ASAP. Doubly so if the malware has admin
credentials. Your strategy at this point should be:

* Locate infected machines
* Disconnect them
* If it has admin credentials, change *all* passwords. Users and admins.
* Reimage infected machines
* Pray

Anything else and you'll likely run into it flaring up again at a later date.

-- 
Ben Jackson - Mayhemic Labs
bbj () mayhemiclabs com - http://www.mayhemiclabs.com - +1-508-296-0267
"Assume that what is in the power of one man to do, is in the power of another"
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com