[Sysadmins] increase in zero day attacks.

Harry Duncan usr.src.linux at gmail.com
Wed Oct 14 11:43:57 IST 2009


On Wed, Oct 14, 2009 at 10:55 AM, murf <murf at syndicate7.net> wrote:
> On Wed, 14 Oct 2009, Harry Duncan wrote:
>
>> Hi Guys,
>>
>> My last week and a half seems to be spent dealing with zero day virus
>> attacks on Windows clients. 95% of these are "XP Antivirus 2009"
>> spyware attacks which seem to have new builds deployed online on a
>> very quick rotation to keep it well ahead of the AV companies' update
>> release schedule.
>>
>
> I was wondering if I was just unlucky this week! Seeing quite an increase in
> virus activity here too. Any idea if banning IE would help? I advise the use
> of Firefox, but some people have preferences. (It's a pretty tech savvy
> environment in here, and I don't like banning things unless really needed).

One of my hits was in a Firefox environment, so I don't think that's
going to work. The disproportionate infection rate between IE and
Firefox hosts seems to be more to do with the browser choice than any
inherent technology weakness in either platform.

I've been looking to see if it's possible to get a feed of hosts from
stopbadware.org but it seems geared towards webmasters finding their
sites in the lists and dealing with it, rather than providing a "RBL"
type repository of bad hosts.

Taking a look at squidguard now.....

Harry.


