SCO.A or Mydoom Worm Causing More Problems, Hacker Abuses
The Mydoom or SCO.A worm is leading to some new issues. The worm installs a backdoor that gives remote users access to the infected system, logs keystrokes, and sends off certain passwords.
This has led to some pretty widespread hacking activity, with unrelated attackers using infected systems to gain further access and harvest passwords.
The gist here is, if you have an infected system you should consider that a complete compromise. Execute your incident response plans. In addition, you should:
1: Change all passwords used on or near that machine
2: Force all user passwords in your domain to expire and be changed (they could have been harvested)
3: Change all administrative passwords
4: Remove the infected system from the network, even if cleaned by antivirus. It should be rebuilt, but at least be completely inspected by a security professional before being returned to service.
An infection by this worm is not just your regular infection. It’s a complete compromise that may have had the attention of a live human attacker after the infection.