  • FPCH Admin
Posted

Howdy, y'all,

One of our users was duped into opening the .ZIP file attached to a fraudulent message shown as originating from American Express. Oops, it wasn't American Express. But she was expecting a sizable receivable from a large customer that sometimes remits with an AmEx corporate card. She's wiser now.

The Trojan downloaded a worm that spread through a workgroup and infected a NetWare 5 server to which drive letters were mapped through the Novell Client.

Cisco SIO published and is updating an alert:

http://tools.cisco.com/security/center/viewAlert.x?alertId=24111&ampvs_f=Threat%20Outbreak%20Alerts&ampvs_cat=Security%20Intelligence&ampvs_type=RSS&ampvs_p=Threat%20Outbreak%20Alert:%20Malicious%20Attachment%20E-mail%20Messages%20on%20March%2025,%202013&ampvs_k=1

Security Essentials detected:

TrojanDownloader:Win32/Beebone.HF

Worm:Win32/Vobus.OS

After many hours of work primarily with Windows Defender Offline, Symantec's Bootable Recovery tool (for coupla the older PCs that don't support the NX bit via the BIOS; WDO is a compact Win8), and Malwarebytes's Anti-malware scanner, the XP SP3 PCs are healthy. Much manual work was required to fix the server volumes, but the infection was removed.

Beyond reminding users not to open attachments, we wanna prevent this in the future.

The user was logged in as administrator. Accounts were changed to Limited as per Principle of Least Privilege. Infected user had an earlier version 8 of Adobe Reader that wasn't secure. Adobe Reader was upgraded to 10.1.5, as Reader 9.x support will be terminated in June.

So, coupla questions: Why didn't Security Essentials detect and defend against the malware attachment? Can't check at this point, but can only assume that MSE did scan the malware file, but didn't detect the signature because MSE might not have been current.

What else can we do beyond keeping Windows patches current and updating Security Essentials? Would IMAP email accounts in Outlook be more secure, given that message attachments can be detached?

Thanks kindly.

 
