Stuff n Things
Content from a CSS Security Engineer usually covering FCS and Incident Response
January 2009 - Posts
Using Logparser + Eventcomb to find malware
During the course of these Conficker / Downadup issues we typically see cases that started because accounts are getting locked out. I pause briefly here to point out that account lockouts are the work of the devil and are a sorry excuse for most
How-to: Removal of Conficker in your FCS environment
Another Conficker post :) However, this one is aimed at our FCS customers. It semi-applies to other customers; however, other AV vendors operated differently with regard to updates etc., so this won’t necessarily be applicable to all. So today is Patch Tuesday
More on File Shares and Autorun.inf with regards to malware
So in my last post I mentioned the fact that Conficker/Downad whatever can also have a component that will spread through file shares that allow everyone to write at the root level of the file share. So a typical autorun.inf looks something like this..
Malware Win32/Conficker.B W32.Downadup.B
So for the past 2 weeks now we are absolutely getting hammered with calls in CSS Security here at MS with organizations contracting this piece of malware. You can find write-ups from various AV companies at the following URLs: http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=76852