Aurora malware Inoculation Shot

Security company HBGary has released a “free utility that will scan for and, optionally, remove the Aurora malware from a Windows Domain.”

Enterprises can easily scan for infections and remove them. The Aurora inoculation shot is digitally signed by HBGary, Inc., and uses existing Windows management APIs to identify infected machines. No files are copied over the network; the scan and the optional removal are performed entirely remotely. WMI must be enabled in your enterprise for the inoculation shot to work. Command line instructions are as follows:

To scan a single machine:
InoculateAurora.exe -scan 192.168.0.1
InoculateAurora.exe -scan MYBOXNAME

To scan multiple machines:
InoculateAurora.exe -range 192.168.0.1 192.168.0.254

To automatically attempt a clean operation:
InoculateAurora.exe -range 192.168.0.1 192.168.0.254 -clean

To scan a list of machines in a .txt file:
InoculateAurora.exe -list targets.txt

What are you waiting for? Go get it here.

Rootkit possibly behind Windows BSOD

For all you Windows users out there, pay attention to this one:

There are indications that the system crashes and the dreaded blue screen of death (BSoD) that many Microsoft Windows users reported suffering after installing this week’s batch of security updates may be caused at least in part by malware infestations on the affected machines.

Patrick W. Barnes, a systems administrator at Cat-man-du, a technology services firm in Amarillo, Texas, said at least three different customers came into his shop with the same blue screen of death after installing Tuesday’s patches on their systems. Barnes said that on closer inspection, he found that each had been previously infected with a rootkit, a set of tools sometimes installed by malware that are designed to hide the presence of the infection on the host system.

For Brian Krebs’ full article on this matter, check here.