----- Original Message ----- From: "Sean Donelan" <sean@donelan.com> To: <nanog@merit.edu> Sent: Sunday, May 16, 2004 9:45 AM Subject: Antivirus firms discover Bots
I'm glad that anti-virus firms are noticing the growth of Bots. Unfortunately, their guestimating ability is still woefully inadequate.
Even frequent updates to anti-virus software won't help. Many bots disable automatic updates and block access to the antivirus sites. By the time anti-virus software detects somethings wrong, its already too late. The solution is to make certain your computer is not compromised, instead of relying on anti-virus to clean it up later.
Please note the "removal tool" from Mcafee, called Stinger, has also been targeted by some. Just attempting to run it off a floppy or CD will not work nor will it be allowed, by some of them, to be copied to HD. The simple answer is to download it and rename it to something else before introducing it to the new machine AND booting safe mode for Windows machines to get it going, anyway. I have also noted that permissions on XP machines have been altered but so far have not noticed the Admin account being changed at all unless the user is actually using the setup Admin account as the only account on the machine. Greg.