Episode 61 - W32/Rbot-GLI
Posted by Podcast Team on 9 Apr 2007 7:44 pm. Filed under Podcasts.
Your Hosts: Matt, Frank, Ken, and DJ
- W32/Rbot-GLI Virus
- IRS Rant
- School Tools
- Java vs Flash
- Garmin Street Pilot C530
- ATI Cross Fire and Vista
- Wii Virtual Console Reviews
Running time: 56:10
Download Here
On April 10th, 2007 at 3:35 pm
Hey guys. I had to make a comment about Mac OS X.
I almost fell off my chair when I heard one of you (I think it was the “Mac snob” :-p ) say that OS X runs Linux under the hood. That’s incorrect. Darwin, which is an offshoot of the BSDs, is what runs under the hood. The kernel is based off of FreeBSD.
Just thought I would pass that from one Mac Snob to another.
(Actually, I love Linux, the BSDs, and OS X….can’t say that much about Windows though. :-p)
Thanks for another great podcast!
Claudio
On April 10th, 2007 at 3:54 pm
The name of the site is Justin.tv.
http://www.justin.tv/
-Claudio
On April 11th, 2007 at 8:48 am
Awesome, thanks. Don’t you hate it when something that simple escapes you.
On April 11th, 2007 at 12:03 pm
We tried both Symantec and McAfee, arrg… drop them as they are useless (as you found out). We use Sophos and have not had any virus infestations for over 8 years. We have had a few computers have viruses stopped (by Sophos) including Code Red, and a few others. We use Antigen on our e-mail server. Antigen was bought by MS, let's see what they end up doing with it to break it. Our Antigen uses the following scan engines on all inbound and outbound e-mail: Norman Data Defense, Microsoft AV, Sophos Anti-Virus, CA InoculateIT, CA Vet, Command, Antigen Worm List, VirusBuster, Kaspersky, and SpamCure.
We have had zero (known) viruses make it past Antigen.
FYI: Antigen is now called MS Forefront.
-Eric
On April 11th, 2007 at 11:16 pm
You guys seen Yahoo! Teachers yet?
http://teachers.yahoo.com/
Interesting, to say the least.
On April 12th, 2007 at 1:59 am
Hello guys.
First of all I want to say that it was a great show as always. Regarding your virus / malware problem, here are some tips:
- You can use Web Historian (http://www.mandiant.com/webhistorian.htm) to find out the link the file came from. Most probably the page in question contained an exploit for IE and automatically downloaded and executed the file in the background. I don’t want to accuse you of not patching the systems, I just say that this is usually how it works.
- Another way to find out more information about a malware is to submit the file to sites which scan it with multiple AV engines (a list of which can be found on my blog: http://hypefree.blogspot.com/2007/03/how-to-submit-suspected-malware-samples.html) and then search for the different names under which it is detected. Also you can submit the sample to the support of your AV company directly and ask them for removal instructions (also, because you have such a great show I would like to offer a free analysis of the file – I’m a virus researcher at an AV company – send me an email if you are interested).
- Using an AV product different from the “big two” and low reaction time can keep you protected more often (you can read about the reasons on my blog: http://hypefree.blogspot.com/2007/04/active-vs-reactive-protection.html). A very good independent testing organization is AV-Comparatives: http://www.av-comparatives.org/
On April 12th, 2007 at 7:01 am
We’re using Sophos at our school district as well, and so far it’s been much better than McAfee VirusScan. The Windows PCs are much more responsive compared to how slow they ran with McAfee on them.
On April 17th, 2007 at 12:13 pm
Sorry I’m late, but Symantec really stinks as you found out – I’ve found that the console only shows desktops that have checked in within a user-configurable time – say 10 days. If the PC doesn’t check in for 11 days (because it’s broken, for example) then it will not be in the console and you won’t see it and realise it is not there.
For checking for websites, use iehv.exe from nirsoft and point it to the temporary internet files location – that will give you the websites that were visited and the date/time of the virus infection will tell you what site they were looking at.
The idea that Symantec’s upgrade of the engine/program does not work with LiveUpdate or definition updates is crazy. Also the fact that the default installation for the updates means that every machine silently reboots, which is very scary when you run this for the first time on a network and every PC shuts down – you can hear the progress from the screens.
I’ve also had Symantec fail to catch viruses that have been out for 3 or 4 years.
Sophos comes from the UK and has pretty good ratings from a lot of the virus reviewers; AVG tends to get poor detection scores, fine for home users, but I wouldn’t trust it on a corporate network.
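One way to automate the correlation the comment above describes (match the browsing history against the date/time the infected file appeared), as an added example that is not from the podcast or the commenter. It assumes a constructed tab-separated history export of the form `time<TAB>url`, not the real iehv.exe output format, and the infection time is a constructed file-creation timestamp.

```python
"""Find which visited sites sit closest to the time a malware file appeared."""
from datetime import datetime, timedelta

# Constructed sample history export (not real data): visit time <TAB> URL.
SAMPLE_HISTORY = """\
2007-04-09 14:58:10\thttp://intranet.example/timetable
2007-04-09 15:02:41\thttp://example.net/news
2007-04-09 15:03:05\thttp://ads.example.org/banner
2007-04-09 15:04:12\thttp://example.net/news/story?id=7
2007-04-09 16:30:00\thttp://webmail.example/inbox
"""

TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_history(text):
    """Parse 'YYYY-MM-DD HH:MM:SS<TAB>url' lines into (datetime, url) tuples,
    skipping blank or malformed lines so a partial export still parses."""
    visits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or "\t" not in line:
            continue
        stamp, url = line.split("\t", 1)
        visits.append((datetime.strptime(stamp, TIME_FMT), url))
    return visits


def visits_near(visits, infection_time,
                before=timedelta(minutes=5), after=timedelta(seconds=30)):
    """Return visits inside [infection_time - before, infection_time + after],
    closest to the infection time first. Pages loaded shortly *before* the
    dropped file was written are the likely source; the small 'after'
    allowance covers clock skew and delayed file writes."""
    lo, hi = infection_time - before, infection_time + after
    hits = [(t, u) for t, u in visits if lo <= t <= hi]
    hits.sort(key=lambda tu: abs(tu[0] - infection_time))
    return hits


def candidate_sites(history_text, infection_stamp):
    """Convenience wrapper: URLs (closest first) for a textual infection time."""
    infection = datetime.strptime(infection_stamp, TIME_FMT)
    return [u for _, u in visits_near(parse_history(history_text), infection)]


if __name__ == "__main__":
    # Constructed: creation time of the dropped binary on the infected PC.
    for url in candidate_sites(SAMPLE_HISTORY, "2007-04-09 15:04:30"):
        print(url)
```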
On July 28th, 2007 at 7:43 am
Is there a chance I get a hold of your AV script and the asp page?
How did you even execute this on all machines (logon script?).
Thanks in advance.