Tag: Security
Paypal two factor authentication
Trend and WINVNC
All of a sudden last night we started receiving warnings that the Trend CSM suite had detected multiple virus instances. The emails were flowing in every two minutes from many of the sites we monitor. Further investigation indicated that these warnings were being generated by WINVNC.EXE, which for those of you who don’t know is a free remote access tool.
Now it was simple enough to go and create the exceptions in each Trend CSM console to stop these notifications, but the question was why did they happen? They didn’t happen on every site, even though other sites did have this software installed. Strange.
The issue has now apparently gone away so all we can deduce is that it had something to do with a recent virus definition update. As we said before, strange.
Getting lots of Kerberos errors?
Unable to uninstall Livestate Desktop V3.0
We recently tried to update a customer from Livestate Desktop Recovery V3.0 to the latest Backup Exec Desktop System Recovery 7.0 and guess what? When you attempt to uninstall Livestate from Control Panel you get a message that you “must uninstall a previous version”. Say what? There was no prior version, so now what?
Well, you could go through the registry manually and remove all the entries to Livestate but let us tell you that there are heaps. A much better option is to call up Symantec Tech Support and tell them you are having issues. They will send you a batch file that uninstalls Livestate manually.
This was almost identical to the issue that we had with Livestate 6.0 Server recovery, and the only solution was once again a batch file from Symantec. Hmm... not impressed at all, Symantec, not at all. We really hope that when it comes time to uninstall Backup Exec Desktop System Recovery 7.0 we don’t have the same issues.
Web site security threats
We recently attended a security seminar presented by Trend Micro where they said that most of the security threats faced by computers these days are being delivered by web sites. Note how we didn’t say malicious web sites. Why? Well, the example that Trend gave was that the web site for the Miami Dolphins football team in the US had been hacked and a small piece of code had been added to their front page that, when opened, would download a trojan to the viewer’s computer. Once the trojan was downloaded, it would then execute and download more malware, ultimately allowing the PC to be controlled by hackers for whatever purpose they deemed.
Now you might think that this is all a bit far-fetched and only happens in places like America. Well, think again! The following report in the Sydney Morning Herald highlights how the same thing happened to the web site of the Sydney Opera House. According to the story:
The code would infect web browsers that were not patched with the latest security updates with Trojan software, most likely designed to capture sensitive information such as internet banking details from victims’ computers.
and
Ms Swaffield says NSW police were informed of the security breach, the incident was documented but no action was taken. The Sydney Opera House site is visited by more than 300,000 internet users every month.
Hmmm... interesting, eh? If you want a reason to ensure that your workstations are up to date, look no further than this story because, as it says, the trojan would “infect unpatched machines” and up to 300,000 people use this legitimate web site every month.
So don’t just think that it is your emails that are your biggest security threat; it is all those network users surfing web sites on unpatched machines that can cause major problems.
For the full story see: http://www.smh.com.au/news/security/hackers-infected-opera-house-website/2007/06/11/1181414219766.html
Etrust antivirus slowdowns
We have now seen this a few times so …
If you have Etrust antivirus V7.0 installed on your machine you may experience a situation where the whole system runs extremely slowly after the change to daylight savings time (DST). A bug exists in the Etrust software that allows Inotask.exe to run at 100% CPU utilization. The resolution is to apply an update from CA which can be found here.
Basically you download the file, unzip it (using the CA unzip program), then stop all the Etrust services. Next, replace the files on the affected machine. For a server there will normally be 2 files to replace and on workstations just one. Restart the Etrust services again. The CPU should now return to normal levels.
The strange thing that we have found is that only certain machines are affected. Sometimes servers (SBS2003 included) and sometimes workstations. No rhyme or reason. Go figure.
Good security demo
Here’s a great video that demonstrates how “insecure” even the most modern networks are. All you have to do is ignore one fundamental security principle (which end users do all the time) and then the floodgates are open.
http://www.microsoft.com/uk/technet/itsshowtime/sessionh.aspx?videoid=351
It’s only about 20 minutes in total time but we just wish we could download the file in total for later reference.