[Sysadmins] increase in zero day attacks.

Harry Duncan usr.src.linux at gmail.com
Wed Oct 14 09:23:00 IST 2009


Hi Guys,

My last week and a half seems to be spent dealing with zero day virus
attacks on Windows clients. 95% of these are "XP Antivirus 2009"
spyware attacks which seem to have new builds deployed online on a
very quick rotation to keep it well ahead of the AV companies' update
release schedule.

The installs seem to be from poisoned Google searches, if you take a
search for something topical like "Stephen Gately Funeral", up pop
sites looking like they've got what you want, which once you get in,
give you confusing popups which lead me to believe that education
alone isn't going to keep these new threats out, once you get into the
site it's pretty hard not to get stung.

I'd like to stop dealing with compromised machines and proactively
block this. Wondering if any of you are using or know of site blocker
lists for squid which might be useful in keeping users away from these
sites?

Harry.


