Drive by virus - Page 2

  1. #11
    Well, my guy took my machine today, ghosted the hard drive and we played a few games of 8 ball while waiting, but then it got late and I left it with him to change the partitions and do some updates. I'm just glad it didn't get into the network and kill my wife's and daughter's machines. I guess it was contained in the operating system, so that's good news. Should have it back tomorrow. Probably have to pay him out of the cash I had saved for my new Saiga 12 Ga. It's always something. Also had to have both U-joints replaced in my truck yesterday for $187, but they did it for free because I do them a lot of favors. That was nice. Woulda been a bad day otherwise.

  2. #12
    Quote Originally Posted by sFe View Post
    ... As for the emails its easy to look at domain names of the sender...
    Many spammer and virus emails can be spotted by looking at domain names. However, that is not 100% fool-proof. I deal with email at the server level and I can tell you that some spoofed emails are very deceptive, domain names included... Source IP is tougher to spoof, but almost nobody checks that. It would be trivial for me to send an email spoofing the source email address and domain.

    You're looking at code coming through where, and you're searching for known code signatures, correct?
    He's referring to heuristics. It's helpful because it can sometimes catch slightly modified malware that has NOT had a known code signature documented yet. Basically it is a way to look for software that behaves like malware. It's been my experience that heuristics is a fairly minor boost in protection, but perhaps he's seen more of a benefit than I have.

    My experience is mostly along the lines of administration/email/troubleshooting and can back FN1910's statement in general.

    Literally 97% of the email that hits our network where I work is spam or a virus. It's amazing that anything legit makes it through at all.
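The point above (the visible sender domain is trivial to forge, while the IP that actually connected to your mail server is not) can be checked from the headers a mail server records. The following is an added example, not code from anyone in this thread: it parses a constructed message in which the displayed From: domain, the envelope sender and the originating IP disagree, and returns the pieces a defender would feed into reputation or SPF checks.

```python
import re
from email import message_from_string
from email.utils import parseaddr

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample message: the From: header claims one domain, the
# Return-Path (envelope sender) names another, and the oldest Received
# header records the IP that really delivered it. All values are made up.
SAMPLE = """Return-Path: <bounce@mailer.example.net>
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby mail.internal.example; Mon, 1 Mar 2010 10:00:00 -0500
Received: from unknown (HELO bank.example.org) (203.0.113.77)
\tby mx.example.com; Mon, 1 Mar 2010 09:59:58 -0500
From: "Your Bank" <alerts@bank.example.org>
To: user@internal.example
Subject: Account notice

Please log in.
"""

def _domain(header_value):
    """Lower-cased domain of the first address in a header ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def originating_ip(msg):
    """IP from the oldest Received header, i.e. the host that handed the
    message to the first server we control. Each hop prepends its own
    Received header, so the oldest one is last in the list. The HELO
    name in that header is attacker-chosen; the IP is what the server saw."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    found = IP_RE.findall(received[-1])
    return found[0] if found else None

def assess(raw_message):
    """Compare the displayed From: domain with the envelope sender and
    extract the connecting IP for separate blacklist/SPF lookups."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    rp_dom = _domain(msg.get("Return-Path"))
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "origin_ip": originating_ip(msg),
        "domain_mismatch": bool(rp_dom) and rp_dom != from_dom,
    }
```

A mismatch alone is not proof of spoofing (mailing-list and bulk-mail services legitimately use a different envelope sender), which is why the originating IP is returned separately for a reputation or SPF lookup against the From: domain.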

  3. #13
    Your 97% figure for spam etc. is about right. We have a Barracuda box and that thing is well worth the money. Since we installed it about 7 years ago I have seen the percentage of spam slowly rise. Right now about 95% is blocked immediately because of blacklist or similar identities. Another 1-2% is then blocked for meeting the spam filter settings for types of email. Another 1-2% is then passed through but flagged in the subject line of the email as possible spam. That leaves 1-3% as getting through without any flagging. That 1-3% includes advertisements from legitimate vendors, jokes being passed around the Internet, and pictures of babies or such stuff. Out of all the mail sent to us from outside the network about 0.5% is actual useful work-related email. Any time someone comes to my office complaining about spam in their email I just show them the graph from the Barracuda box and threaten to turn it off for them. Very seldom do I have any more complaints.

    I also have a Fortigate firewall that does some email and web filtering along with a monitoring server supplied by Homeland Security and the email server itself does some.

    There are several different things that heuristics looks at, including known and unknown codes. As you say it is marginal as to how much new stuff it finds. I think that is partly because the turnaround time on patches for new stuff is so quick that there is very little that hits our machines that is not known. The biggest problem is the intentional stuff that people download that opens holes for everything else. When I investigate an infected machine I usually find that it started when they downloaded some "cute" program or didn't pay attention to what it was asking. I have seen machines where there literally was no room left on the screen to display a web page because of all the toolbars at the top of the browser. I didn't realize that there were that many available.

  4. #14
    Quote Originally Posted by FN1910 View Post
    Your 97% figure for spam etc. is about right. We have a Barracuda box and that thing is well worth the money. Since we installed it about 7 years ago I have seen the percentage of spam slowly rise. Right now about 95% is blocked immediately because of blacklist or similar identities. Another 1-2% is then blocked for meeting the spam filter settings for types of email. Another 1-2% is then passed through but flagged in the subject line of the email as possible spam. That leaves 1-3% as getting through without any flagging. That 1-3% includes advertisements from legitimate vendors, jokes being passed around the Internet, and pictures of babies or such stuff. Out of all the mail sent to us from outside the network about 0.5% is actual useful work-related email. Any time someone comes to my office complaining about spam in their email I just show them the graph from the Barracuda box and threaten to turn it off for them. Very seldom do I have any more complaints.

    I also have a Fortigate firewall that does some email and web filtering along with a monitoring server supplied by Homeland Security and the email server itself does some.

    There are several different things that heuristics looks at, including known and unknown codes. As you say it is marginal as to how much new stuff it finds. I think that is partly because the turnaround time on patches for new stuff is so quick that there is very little that hits our machines that is not known. The biggest problem is the intentional stuff that people download that opens holes for everything else. When I investigate an infected machine I usually find that it started when they downloaded some "cute" program or didn't pay attention to what it was asking. I have seen machines where there literally was no room left on the screen to display a web page because of all the toolbars at the top of the browser. I didn't realize that there were that many available.

    Seems like you can't install anything now without having to uncheck a toolbar box.