
AntiVirus Process

Marilyn Cariola, Heather Larrieu (audio), Chris Mayfield. October 14, 2008.


Presentation Transcript


  1. AntiVirus Process. Marilyn Cariola, Heather Larrieu (audio), Chris Mayfield. October 14, 2008

  2. Computer Security AntiVirus. Source: Quarterly Report PandaLabs – July-Sept 08

  3. Malicious Software
     • More trojan attacks
     • Coming via web browsing
     • Using SQL injection techniques
     • Battery of exploit attempts
     • 3rd party applications
     • OS vulnerabilities
     • Goal is Silent Infection
     • Trojan.ZLOB
     • Trojan.PANDEX
     • Trojan.ASPROX

  4. What you see

  5. Virus Alert
     Alert: Virus Found
     Computer: XXXXXXXXXXXXX
     Virus: Trojan Horse
     Path: C:\WINDOWS\Temp\VBR49FD.exe
     Date: 9/29/2008
     Time: 9:54:46 AM
     Severity: Critical
     Requested Action: Clean
     Action Taken: Leave Alone
     User: XXXXXXXXXXXXX
     Source: Symantec AntiVirus Corporate Edition

  6. AV Process & Actions
     Notes:
     • The results of malware research could change the actions to be taken.
     • All scans must be full AV scans in safe mode with system restore turned off.
     • Results need to be shared with Cyber, as screen captures or exported files.
     • Depending on the results of the scan, further actions could include format and rebuild or Cyber taking the computer or hard drive for further investigation.
     • Computer security may not request a rebuild if the virus is found in cache.
     • Computers used to access personally identifiable information (PII) will receive more scrutiny when they generate virus alerts.

  7. Other Actions
     • Additional viruses or issues
     • Isolate / scan / rebuild
     • Several (3 or more) alerts on same computer / same day
     • Isolate / scan / rebuild
     • Unauthorized / prohibited software
     • Must be removed
     • Some cases sent to HR

  8. Further Review
     Affirmative duty to report abuse of SLAC resources
     • Device taken, including USB devices
     • Illegally licensed software
     • Hacker tools
     • Key generators, password sniffing, vulnerability assessment
     • Illicit material
     • Pornography, gambling, evidence of running a personal business
     • Reported to HR

  9. References
     • Computer Security website
     • Restricted/Prohibited software
     • Policies
     • Limited Personal Use of Government Office Equipment including Information Technology
     • Use of SLAC Information Resources

  10. Questions / answers / discussion
     • What would happen if we didn’t do this?
     • A computer gets compromised
     • Becomes a bot for additional attacks
     • Information is lost
     • During a Site Assessment
     • Non-job related data is found
     • Unlicensed / illegal software
     • Pornography
     • SLAC fined, lose contract?
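
The following is an added example, not part of the original slides: it parses alerts in the field layout shown on slide 5 and applies the slide 7 rule that 3 or more alerts on the same computer on the same day lead to isolate / scan / rebuild. The host names, paths, function names and the "scan" label used below the threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

THRESHOLD = 3  # slide 7: "Several (3 or more) alerts on same computer / same day"

def make_alert(host, date, time, path, taken):
    """Build one constructed alert in the slide 5 field layout."""
    return (f"Alert: Virus Found\nComputer: {host}\nVirus: Trojan Horse\n"
            f"Path: {path}\nDate: {date}\nTime: {time}\nSeverity: Critical\n"
            f"Requested Action: Clean\nAction Taken: {taken}\n")

# Constructed sample data: host names, paths and times are made up.
SAMPLE = "\n".join([
    make_alert("HOST-A", "9/29/2008", "9:54:46 AM", r"C:\WINDOWS\Temp\a1.exe", "Leave Alone"),
    make_alert("HOST-A", "9/29/2008", "10:02:10 AM", r"C:\WINDOWS\Temp\a2.exe", "Clean"),
    make_alert("HOST-B", "9/29/2008", "10:15:00 AM", r"C:\Temp\b1.exe", "Leave Alone"),
    make_alert("HOST-A", "9/29/2008", "1:30:05 PM", r"C:\WINDOWS\Temp\a3.exe", "Leave Alone"),
    make_alert("HOST-A", "9/30/2008", "8:00:00 AM", r"C:\WINDOWS\Temp\a4.exe", "Clean"),
])

def parse_alerts(text):
    """Split blank-line-separated alerts into dicts of field name -> value."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Split on the first colon only: Path and Time values contain colons.
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Computer" in fields and "Date" in fields:  # skip incomplete records
            alerts.append(fields)
    return alerts

def triage(alerts, threshold=THRESHOLD):
    """Group by (computer, date) and apply the slide 7 threshold to each group."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["Computer"], a["Date"])].append(a)
    report = {}
    for key, items in groups.items():
        report[key] = {
            "count": len(items),
            # Below the threshold, the label "scan" is this example's assumption.
            "action": "isolate / scan / rebuild" if len(items) >= threshold else "scan",
            # Files the scanner did not handle as requested, kept for follow-up.
            "unresolved": [a["Path"] for a in items
                           if a.get("Action Taken") != a.get("Requested Action")],
        }
    return report
```

Calling `triage(parse_alerts(SAMPLE))` returns one entry per computer and day, with the alert count, the resulting action and the paths where the action taken differs from the action requested.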
