Windows Vista Forums

Uptick in Viruses?

  1. #1


    Richard K Guest

    Uptick in Viruses?

    Has anyone noticed a major uptick in viruses affecting XP Pro clients on
    SBS2003 networks over the past few months? I'm talking the "you have been
    infected with a virus and we are going to scan... click here to purchase our
    product" type of viruses. I have been using MalwareBytes to clean them but
    even MB is missing a few unless the database is REALLY up to date.

    I have given a lot more latitude to clients in letting them have local admin
    priv. and I am very good at keeping clients up to date in software patches
    and AV (trend WFBS) but am rethinking the local admin rights. The only
    thing that puts a hole in that theory is I have another associate who is
    major league locked down with non-local admin rights, updates, AV etc. in
    addition to a very good appliance firewall from Barracuda. His XP Pro
    clients are still getting hit. Labor to fix these issues is starting to get
    bad.

    thoughts?




  2. #2


    Susan Bradley Guest

    Re: Uptick in Viruses?

    Richard K wrote:

    > Has anyone noticed a major uptick in viruses affecting XP Pro clients on
    > SBS2003 networks over the past few months? I'm talking the "you have
    > been infected with a virus and we are going to scan... click here to
    > purchase our product" type of viruses. I have been using MalwareBytes
    > to clean them but even MB is missing a few unless the database is REALLY
    > up to date.
    >
    > I have given a lot more latitude to clients in letting them have local
    > admin priv. and I am very good at keeping clients up to date in software
    > patches and AV (trend WFBS) but am rethinking the local admin rights.
    > The only thing that puts a hole in that theory is I have another
    > associate who is major league locked down with non-local admin rights,
    > updates, AV etc. in addition to a very good appliance firewall from
    > Barracuda. His XP Pro clients are still getting hit. Labor to fix
    > these issues is starting to get bad.
    >
    > thoughts?
    >
    >
    yup.
    It's malicious banner ads in google hits.

    Block the banner ads from the rotation.

    Start killing off XP.


  3. #3


    Gregg Hill Guest

    Re: Uptick in Viruses?

    Behind a well-configured WatchGuard firewall, those pages are no threat. The
    fake page comes up (or at least parts of it), but no executable files (DLL,
    EXE, SYS, etc) can reach the computer, so they end up being just a scary
    annoyance.

    For clients without a WatchGuard in place, I have seen them get by AV
    software. One day it will get by Norton/Symantec, another day it gets by
    WFBS, yet another day, it gets by a different vendor. Completely innocent
    searches can get one into trouble. My wife searched Google for "tuxedo
    cheesecake recipe" and got one of those pages. She stopped and told me, then
    I had my way with it through the WatchGuard, and it stopped everything that
    tried to get through it.

    I have my WG set very tight, only trusting Microsoft, Trend Micro, and a
    couple others for access to executables. For others that are blocked but
    needed, I have a temporary-use bypass username and password that allows the
    download, but AV scans it as it comes in. For a user to get infected, they'd
    have to ignore the screaming red warnings in my custom deny message from the
    WG that the file might be infected, they'd have to know the bypass username
    and password, the download would have to get by the WG's AV scan (using
    AVG), and get by the different vendor's AV on the desktop. In my testing,
    that is nearly impossible (never failed yet!). I test with an unpatched Win
    2000 VPC with no antivirus, and with an unprotected XP VPC.

    Gregg Hill

    --
    Gregg's pet peeves:

    First of all, what does a peeve look like, and why would anyone want one as
    a pet?

    Peeve #1: Apostrophes: when in doubt, leave them out! You will be correct
    more often than not.

    Its = Belonging to it. For example, "Look at the sky. Its color is blue."
    It's = It is. For example, "It's hot today."
    It's = It has. For example, "It's been nice talking to you."
    Its' = completely incorrect usage. Stop it!


    Peeve #2: Your vs. You're
    "Your" means belonging to you, as in, "It's your truck."
    "You're" means "You are." Example, you're probably about ready to throttle
    me for this peeve!

    "Richard K" <rkokoski@newsgroup> wrote in message
    news:OvjkyYBvKHA.3408@newsgroup

    > Has anyone noticed a major uptick in viruses affecting XP Pro clients on
    > SBS2003 networks over the past few months? I'm talking the "you have been
    > infected with a virus and we are going to scan... click here to purchase
    > our product" type of viruses. I have been using MalwareBytes to clean
    > them but even MB is missing a few unless the database is REALLY up to
    > date.
    >
    > I have given a lot more latitude to clients in letting them have local
    > admin priv. and I am very good at keeping clients up to date in software
    > patches and AV (trend WFBS) but am rethinking the local admin rights. The
    > only thing that puts a hole in that theory is I have another associate who
    > is major league locked down with non-local admin rights, updates, AV etc.
    > in addition to a very good appliance firewall from Barracuda. His XP Pro
    > clients are still getting hit. Labor to fix these issues is starting to
    > get bad.
    >
    > thoughts?
    >
    >
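
The allow-list policy Gregg Hill describes above (executable content only from a few trusted vendors) can also be audited after the fact from web proxy logs. This is an added example, not part of the thread and not WatchGuard configuration; the log layout, the domain suffixes, the extension and content-type lists, and the sample lines are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed policy values; the post names the vendors, not their domains.
TRUSTED_SUFFIXES = ("microsoft.com", "trendmicro.com")
# The post lists DLL, EXE, SYS "etc"; the rest of this tuple is an assumption.
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr", ".msi")
EXECUTABLE_TYPES = ("application/x-msdownload", "application/x-msdos-program")

# Constructed sample lines: client, method, URL, status, content type.
SAMPLE_LOG = """\
10.0.0.21 GET http://download.microsoft.com/patches/kb-sample.exe 200 application/x-msdownload
10.0.0.34 GET http://ads.example.net/banner/scan.php?id=7 200 text/html
10.0.0.34 GET http://cdn.example.net/install/AVSetup.EXE?x=1 200 application/octet-stream
10.0.0.40 GET http://files.example.org/view.php 200 application/x-msdownload
10.0.0.52 GET http://microsoft.com.example.org/fix.dll 200 application/octet-stream
"""

def host_is_trusted(host):
    """Match on a dot boundary so 'microsoft.com.example.org' is not trusted."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def is_executable(path, content_type):
    """Check extension and declared type; either one alone can be misleading."""
    return (path.lower().endswith(EXECUTABLE_EXTS)
            or content_type.lower() in EXECUTABLE_TYPES)

def audit(log_text):
    """Return (client, host, path) for executable fetches from untrusted hosts."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not fit the assumed layout
        client, _method, url, _status, ctype = parts
        u = urlsplit(url)
        host = u.hostname or ""
        if is_executable(u.path, ctype) and not host_is_trusted(host):
            findings.append((client, host, u.path))
    return findings

if __name__ == "__main__":
    for client, host, path in audit(SAMPLE_LOG):
        print(f"{client}: executable content from untrusted host {host}{path}")
```
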


  4. #4


    Leythos Guest

    Re: Uptick in Viruses?

    In article <OvjkyYBvKHA.3408@newsgroup>,
    rkokoski@newsgroup says...

    > Has anyone noticed a major uptick in viruses affecting XP Pro clients on
    > SBS2003 networks over the past few months? I'm talking the "you have been
    > infected with a virus and we are going to scan... click here to purchase our
    > product" type of viruses. I have been using MalwareBytes to clean them but
    > even MB is missing a few unless the database is REALLY up to date.
    >
    >
    On unmanaged networks where they don't restrict web access, where they
    don't filter email contents, where they run as local admins, seen more
    of it than 6 months ago. On managed networks, open web to ONLY business
    approved sites, email filtered to remove any possibly malicious file,
    not any sign of it.

    Cost of removing malware exceeds the cost of preventing access to it in
    every case, but the customers don't want to "limit" creativity or
    freedom :-)

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@newsgroup (remove 999 for proper email address)


  5. #5


    Richard K Guest

    Re: Uptick in Viruses?

    How do you block the banner ads?

    "Susan Bradley" <sbradcpa@newsgroup> wrote in message
    news:uKuAFoBvKHA.800@newsgroup

    > Richard K wrote:

    >> Has anyone noticed a major uptick in viruses affecting XP Pro clients on
    >> SBS2003 networks over the past few months? I'm talking the "you have
    >> been infected with a virus and we are going to scan... click here to
    >> purchase our product" type of viruses. I have been using MalwareBytes to
    >> clean them but even MB is missing a few unless the database is REALLY up
    >> to date.
    >>
    >> I have given a lot more latitude to clients in letting them have local
    >> admin priv. and I am very good at keeping clients up to date in software
    >> patches and AV (trend WFBS) but am rethinking the local admin rights.
    >> The only thing that puts a hole in that theory is I have another
    >> associate who is major league locked down with non-local admin rights,
    >> updates, AV etc. in addition to a very good appliance firewall from
    >> Barracuda. His XP Pro clients are still getting hit. Labor to fix these
    >> issues is starting to get bad.
    >>
    >> thoughts?
    >>
    >>
    > yup.
    > It's malicious banner ads in google hits.
    >
    > Block the banner ads from the rotation.
    >
    > Start killing off XP.


  6. #6


    Richard K Guest

    Re: Uptick in Viruses?

    SBS2003 with XP Pro clients running WFBS. I can take away the local admin
    rights (but for some users that can be a real pain if they use apps looking
    for more access like QB). I cannot control where users surf the net but I'm
    pretty sure they are getting these via web surfing.

    "Leythos" <spam999free@newsgroup> wrote in message
    news:MPG.25faae1c76afed6298a177@newsgroup

    > In article <OvjkyYBvKHA.3408@newsgroup>,
    > rkokoski@newsgroup says...

    >> Has anyone noticed a major uptick in viruses affecting XP Pro clients on
    >> SBS2003 networks over the past few months? I'm talking the "you have
    >> been infected with a virus and we are going to scan... click here to
    >> purchase our product" type of viruses. I have been using MalwareBytes to
    >> clean them but even MB is missing a few unless the database is REALLY up
    >> to date.
    >>
    >>
    >
    > On unmanaged networks where they don't restrict web access, where they
    > don't filter email contents, where they run as local admins, seen more
    > of it than 6 months ago. On managed networks, open web to ONLY business
    > approved sites, email filtered to remove any possibly malicious file,
    > not any sign of it.
    >
    > Cost of removing malware exceeds the cost of preventing access to it in
    > every case, but the customers don't want to "limit" creativity or
    > freedom :-)
    >
    > --
    > You can't trust your best friends, your five senses, only the little
    > voice inside you that most civilians don't even hear -- Listen to that.
    > Trust yourself.
    > spam999free@newsgroup (remove 999 for proper email address)


  7. #7


    SteveB Guest

    Re: Uptick in Viruses?

    Implementing OpenDNS would be a help in controlling the web surfing.

    "Richard K" <rkokoski@newsgroup> wrote in message
    news:%23efyeBGvKHA.2436@newsgroup

    > SBS2003 with XP Pro clients running WFBS. I can take away the local admin
    > rights (but for some users that can be a real pain if they use apps
    > looking for more access like QB). I cannot control where users surf the
    > net but I'm pretty sure they are getting these via web surfing.
    >
    > "Leythos" <spam999free@newsgroup> wrote in message
    > news:MPG.25faae1c76afed6298a177@newsgroup

    >> In article <OvjkyYBvKHA.3408@newsgroup>,
    >> rkokoski@newsgroup says...

    >>> Has anyone noticed a major uptick in viruses affecting XP Pro clients on
    >>> SBS2003 networks over the past few months? I'm talking the "you have
    >>> been infected with a virus and we are going to scan... click here to
    >>> purchase our product" type of viruses. I have been using MalwareBytes
    >>> to clean them but even MB is missing a few unless the database is REALLY
    >>> up to date.
    >>>
    >>>
    >>
    >> On unmanaged networks where they don't restrict web access, where they
    >> don't filter email contents, where they run as local admins, seen more
    >> of it than 6 months ago. On managed networks, open web to ONLY business
    >> approved sites, email filtered to remove any possibly malicious file,
    >> not any sign of it.
    >>
    >> Cost of removing malware exceeds the cost of preventing access to it in
    >> every case, but the customers don't want to "limit" creativity or
    >> freedom :-)
    >>
    >> --
    >> You can't trust your best friends, your five senses, only the little
    >> voice inside you that most civilians don't even hear -- Listen to that.
    >> Trust yourself.
    >> spam999free@newsgroup (remove 999 for proper email address)
    >



  8. #8


    Dave Nickason [SBS MVP] Guest

    Re: Uptick in Viruses?

    Block the ads with OpenDNS.

    One additional comment: from personal experience, Power User in XP is as
    bad as full admin rights when it comes to these risks. I had a local power
    user get infected with something (not this Antivirus 2010 or whatever) just
    by visiting a page from a google search. I agree with Susan - start getting
    rid of XP - but until you can do that, run everyone as standard user, not
    power user.

    And yes, I'm seeing an increase in the frequency.

    "Richard K" <rkokoski@newsgroup> wrote in message
    news:uQ2qKAGvKHA.5008@newsgroup

    > How do you block the banner ads?
    >
    > "Susan Bradley" <sbradcpa@newsgroup> wrote in message
    > news:uKuAFoBvKHA.800@newsgroup

    >> Richard K wrote:

    >>> Has anyone noticed a major uptick in viruses affecting XP Pro clients on
    >>> SBS2003 networks over the past few months? I'm talking the "you have
    >>> been infected with a virus and we are going to scan... click here to
    >>> purchase our product" type of viruses. I have been using MalwareBytes
    >>> to clean them but even MB is missing a few unless the database is REALLY
    >>> up to date.
    >>>
    >>> I have given a lot more latitude to clients in letting them have local
    >>> admin priv. and I am very good at keeping clients up to date in software
    >>> patches and AV (trend WFBS) but am rethinking the local admin rights.
    >>> The only thing that puts a hole in that theory is I have another
    >>> associate who is major league locked down with non-local admin rights,
    >>> updates, AV etc. in addition to a very good appliance firewall from
    >>> Barracuda. His XP Pro clients are still getting hit. Labor to fix
    >>> these issues is starting to get bad.
    >>>
    >>> thoughts?
    >>>
    >>>
    >> yup.
    >> It's malicious banner ads in google hits.
    >>
    >> Block the banner ads from the rotation.
    >>
    >> Start killing off XP.
    >


  9. #9


    Richard K Guest

    Re: Uptick in Viruses?

    I wish I could reject all local admin rights but there are some pieces of
    software that will not run without local admin and some (like QB) that
    require extensive customization so they can work if the user does not
    provide local admin. As far as getting rid of XP..... easier said than done
    with budgets and time with a lot of these businesses.

    "Dave Nickason [SBS MVP]" <gwdibble@newsgroup> wrote in message
    news:ecl1deIvKHA.3860@newsgroup

    > Block the ads with OpenDNS.
    >
    > One additional comment: from personal experience, Power User in XP is as
    > bad as full admin rights when it comes to these risks. I had a local
    > power user get infected with something (not this Antivirus 2010 or
    > whatever) just by visiting a page from a google search. I agree with
    > Susan - start getting rid of XP - but until you can do that, run everyone
    > as standard user, not power user.
    >
    > And yes, I'm seeing an increase in the frequency.
    >
    > "Richard K" <rkokoski@newsgroup> wrote in message
    > news:uQ2qKAGvKHA.5008@newsgroup

    >> How do you block the banner ads?
    >>
    >> "Susan Bradley" <sbradcpa@newsgroup> wrote in message
    >> news:uKuAFoBvKHA.800@newsgroup

    >>> Richard K wrote:
    >>>> Has anyone noticed a major uptick in viruses affecting XP Pro clients
    >>>> on SBS2003 networks over the past few months? I'm talking the "you
    >>>> have been infected with a virus and we are going to scan... click here
    >>>> to purchase our product" type of viruses. I have been using
    >>>> MalwareBytes to clean them but even MB is missing a few unless the
    >>>> database is REALLY up to date.
    >>>>
    >>>> I have given a lot more latitude to clients in letting them have local
    >>>> admin priv. and I am very good at keeping clients up to date in
    >>>> software patches and AV (trend WFBS) but am rethinking the local admin
    >>>> rights. The only thing that puts a hole in that theory is I have
    >>>> another associate who is major league locked down with non-local admin
    >>>> rights, updates, AV etc. in addition to a very good appliance firewall
    >>>> from Barracuda. His XP Pro clients are still getting hit. Labor to
    >>>> fix these issues is starting to get bad.
    >>>>
    >>>> thoughts?
    >>>>
    >>>>
    >>> yup.
    >>> It's malicious banner ads in google hits.
    >>>
    >>> Block the banner ads from the rotation.
    >>>
    >>> Start killing off XP.
    >>


  10. #10


    Leythos Guest

    Re: Uptick in Viruses?

    In article <uQ2qKAGvKHA.5008@newsgroup>,
    rkokoski@newsgroup says...

    > How do you block the banner ads?
    >
    Banner ads normally come from a site other than the one you're visiting,
    so, if you have a firewall (or OpenDNS or a good host file), you won't
    see them.

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@newsgroup (remove 999 for proper email address)

