msblast - how do i get rid of once and for all?

  • Thread starter Thread starter JM
  • Start date Start date
J

JM

hi,
I have a network of appox 500 desktops in three different sites.
99% of my desktops have been patched to prevent MSBLAST>
however, every now and then, a computer comes online that doesn't have the
patch and gets the virus.
i suspect that this virus is living on my network. is there anyway to sniff
out the network to find it?

thanks
 
Patching the PCs doesn't fully protect your network. I hope you have some
type of a AV software on all the machines and that the virus definitions are
up to date. For all you know people could be bringing MSBLAST on CDs and
floppy disks from home.
 
Microsoft has got a tool which can sniff your network for unpatched
machines.

Marina
 
Plus MSBLAST spreads through e-mail. Are you scanning all your incoming
mail for it?
 
yes, i'm doing all of this. i patched my desktops (tool is reporting all
patched)... however, as i mentioned before, everyone now and then a computer
connects to the network that has not been patched and recieves the virus.
i have anti-virus at every imaginable level. It's in the network
somewhere.......... i want to know where.
 
msblast doesn't necessarely spread through email. It is a worm, so the
machine just has to be connected to the internet.

Marina
 
You could try this. Place a patched computer on the network that has
Sygate personal firewall on it which is free to try. Disable the firewall
function or create just a rule for port 135 that is logged. After a while
check the log to see where activity is coming from on port 135. Not all
computers generating that traffic will necessarily be infected, but you
probably will see high traffic from infected computers. I suggest Sygate
because it has excellent logging ability including a traceback
unction.. --- Steve
 
Back
Top