Page 2 of 6
Results 11 to 20 of 57
  1. #11
    Untangler
    Join Date
    Sep 2008
    Posts
    69

    Quote Originally Posted by datdamnmachine View Post
    Not really disappointing. That's just the nature of security appliances and applications. The malicious code writers are almost always one step ahead in coming out with new ways to infect computers. One way to combat that is to submit samples of new infections as well as the links they came from. This allows the security application developers to narrow the time frame of new, undetected threat to new, detected threat.

    Send the information to the Untangle crew as well so they can close the holes.

    Actually it is very disappointing, assuming that the person who became infected recently also became infected through the net past the UT box. I am well aware of the AV community and speeds of new definitions. If this virus was around a month ago, the virus engine of clam or kaspersky would be updated to detect it by now. Could there be a variant of it that wasn't detected? Possible. But Kaspersky updates its definitions up to once an hour. Either way, this doesn't sound like a hyper-morphed-super-sneaky-need-highend-heuristics to catch virus.

  2. #12
    Master Untangler
    Join Date
    Apr 2008
    Posts
    346

    Quote Originally Posted by securityguy View Post
    Actually it is very disappointing, assuming that the person who became infected recently also became infected through the net past the UT box. I am well aware of the AV community and speeds of new definitions. If this virus was around a month ago, the virus engine of clam or kaspersky would be updated to detect it by now. Could there be a variant of it that wasn't detected? Possible. But Kaspersky updates its definitions up to once an hour. Either way, this doesn't sound like a hyper-morphed-super-sneaky-need-highend-heuristics to catch virus.
    Yes, it is indeed a new variant.

  3. #13
    Untangler
    Join Date
    Sep 2008
    Posts
    69

    Quote Originally Posted by bratsadtar View Post
    Yes, it is indeed a new variant.
    All the more reason to use Kaspersky. Fast updates.

  4. #14
    Newbie
    Join Date
    Jun 2008
    Location
    George, South Africa
    Posts
    12

    Thanks to Untangle, my network has remained clean and stable. My only problem is the customers using foreign flash drives, which sometimes bring different types of virus, which are generally picked up by the local PC's AV app.
    Untangle 6.2
    My Network has never been so
    Stable, Virus Free and Low Maintenance
    Wesley Steyn - Network Administrator

  5. #15
    Untanglit
    Join Date
    Oct 2008
    Posts
    20

    When I first installed Untangle into a VM, and used an XP VM for testing, I actually specifically hunted that one down. UT never blocked it. I haven't tried it lately, but I think maybe I will and see what my results are.

  6. #16
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,554

    This malware is based on a continuously updated trojan family, which is VERY aggressively updated with as many as SEVERAL new variants being released each day! Seriously...4, 5, even 6 new variants are sometimes released each day.

    ZLOB. Of which many variants are based on, Smitfraud/Virtuomonde (many different spellings and nicknames such as Vundo/Vundu).

    The best of the best of antivirus programs....AntiVir, NOD32, Kaspersky....the new ZLob variants keep ahead of them frequently.

    There are soooooo many variants out there, Untangle has most likely stopped quite a few of them from hitting the computers behind it..but just like with the antivirus products themselves...sometimes you will come across a new variant that your antivirus definitions do not have the info on..and you'll get zapped. Even if you have the optional Kaspersky engine in your Untangle rack.

    So....you can't really say "Untangle didn't stop it for me"..or "Untangle stopped it for me"...because which of the hundreds (if not thousands) of ZLob variants are you specifically talking about?

  7. #17
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,554

    Removing it....we're using a shotgun approach.

    CCleaner first to clear temp files.
    SuperAntispyware (free)
    Spybot Search and Destroy..update, immunize too (free)
    MalwareBytes (free)

    AntiVir free edition antivirus

    TCP/Winsock repair utility.

    The above clear up over 90% of the infected PCs. Most of our clients have NOD32 installed locally, which often blocks most of the trojan from fully installing, so a few quick scans with the above tools and the PC is healthy again.

    The worst of the worst infections...the big hammer..."SDFix.exe"...which is a special tool that targets this trojan, Google it and download from BleepingComputer.

  8. #18
    zay
    Master Untangler zay's Avatar
    Join Date
    Aug 2008
    Posts
    103

    The same is said for spyware and malware. People have gotten smarter by the day, so now they disguise the DNA to get past defenses. That is why it is important to constantly keep definitions up to date, and also to post these attacks so that developers can be aware, and hence come up with ways to counteract. I tell my clients all the time when they complain about them still getting spam or a virus, "there is no foolproof way to stop every virus or piece of spam from getting through"; all we can do is keep trying to find ways to stop or prevent the ones that got in from coming back (that is, until they find another way to get past). Just my 1 1/2 pennies.
    What does it profit you to gain the world and lose your soul?

  9. #19
    Master Untangler
    Join Date
    Apr 2008
    Posts
    106

    We have had three systems infected with this Antivirus 2009 in the past month; all are behind Untangle. I went to MSN.COM the other day, and it tried to load on my computer. I am guessing it was through one of their third-party ads that had the virus embedded in the Flash. What are some things we can try to make sure this is blocked via Untangle?

  10. #20
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,173

    I saw it last week as well. Eset on the desktop stopped it cold.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
