SCO.A or Mydoom Worm Causing More Problems, Hacker Abuses
The Mydoom or SCO.A worm is leading to some new issues. The worm installs a backdoor that allows remote users access to the infected system, and logs keystrokes and sends off certain passwords.
This has led to some pretty widespread hacking activity, with unrelated attackers using infected systems to gain further access and harvest passwords.
The gist here is, if you have an infected system you should consider that a complete compromise. Execute your incident response plans. In addition, you should:
1: Change all passwords used on or near that machine
2: Force all user passwords in your domain to expire and be changed (they could have been harvested)
3: Change all administrative passwords
4: Remove the infected system from the network, even if cleaned by antivirus. It should be rebuilt, but at least be completely inspected by a security professional before being returned to service.
An infection by this worm is not just your regular infection. It’s a complete compromise that may have had the attention of a live human attacker after the infection.
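One way to carry out step 2 in an Active Directory domain, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module and a domain admin session on a known-clean workstation; the output file name is hypothetical.

```powershell
# Added example. Run from a clean administrative workstation, never from the
# infected host: a password typed on a machine that logs keystrokes is
# harvested again.
Import-Module ActiveDirectory

# Enabled accounts only, with the attributes needed to decide how to treat each.
$users = Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties PasswordNeverExpires, CannotChangePassword, PasswordLastSet

# Accounts marked "password never expires" or "cannot change password"
# (often service accounts) reject the change-at-logon flag, so they are
# listed separately for a manual reset.
$manual = $users | Where-Object { $_.PasswordNeverExpires -or $_.CannotChangePassword }
$forced = $users | Where-Object { -not ($_.PasswordNeverExpires -or $_.CannotChangePassword) }

foreach ($u in $forced) {
    # -WhatIf only previews the change; remove it after reviewing the output.
    Set-ADUser -Identity $u -ChangePasswordAtLogon $true -WhatIf
}

# Hypothetical output file: accounts that need a manual password reset.
$manual | Select-Object SamAccountName, PasswordLastSet |
    Export-Csv -Path .\manual-reset-required.csv -NoTypeInformation

"{0} accounts flagged to change at next logon, {1} need a manual reset" -f `
    @($forced).Count, @($manual).Count
```

Take the infected system off the network (step 4) before users pick new passwords, and reset the accounts in the CSV by hand as part of step 3.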