Showing posts with label IT» Network and Security. Show all posts
Showing posts with label IT» Network and Security. Show all posts

Wednesday 14 June 2017

How to send Node to Node Message in Windows 7 Connected Nodes

by default this feature has been deprecated in Windows 7
however, a domain admin with domain privileges can do so from command prompt

syntax:

msg /server:L1411004 console testmsg

where L1411004 is the hostname and testmsg is the actual message

If you encounter the following error message:-

- troubleshooting error: "Error 5 getting session names" then,
- Error 1722 getting session names

On the machine that you cannot message to:
Use regedit to navigate to: (this access destination hostname via Admin mode from source machine from registry console itself. this again requires admin privileges. Type regedit from cmd prompt. Then Click File >> Connect Network Registry

















error connecting network registry pop-up usually appears when the destination windows firewall is activated and blocks all incoming connections. try to figure out this by allowing icmp ports. also, make sure remote registry services are running on either hosts.

and then change the destination registry settings AllowRemoteRPC value data from 0 to 1 base hexadecimal

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

Then change the following value:

Name : AllowRemoteRPC
Type : REG_DWORD
Value : 1

Know your RDP Port Number via Registry

Look for registry settings for remote access on Windows 2012:

Computer\HKEY_Local_Machine\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\PortNumber

Tuesday 7 January 2014

‘Creepware’ on the rise: Beware..!

Remote-access Trojans (RATs) is a galloping concern among common people across the world.
Malware that secretly installs tools similar to those used by network admins to control machines remotely. Once the malware is installed on a machine, cyber pranksters can take control of the entire system, including the webcam.
Many have heard the stories about people being spied on using their own computer or people being blackmailed using embarrassing or incriminating video footage unknowingly recorded from compromised webcams.
According to leading AV and security solution provider, creepware programs, such as Pandora RAT, allow an attacker to gain access to files, processes, services, the clipboard, active network connections, the registry and printers. Some programs also allow an attacker to remotely control the desktop; take screenshots; record webcam footage; record audio; log keystrokes; steal passwords; download files; open Web pages; display onscreen messages; play audio messages using the text-to-speech function; restart the computer; and cause system failure.
To stay protected against creepware or any other 'X'ware, keep antivirus definitions, operating systems, and software up-to-date, and avoid opening emails from unknown senders or clicking on suspicious email attachments. Users should also exercise caution when clicking on enticing links sent through email, instant messages, or posted on social networks, and only download files from trusted sources.
Also be suspicious of unexpected webcam activity. When you're not using the webcam, keep the shutter closed..!

Sunday 5 January 2014

Encrypt your drive with Bitlocker

Need to have TPM activated on BIOS to get these features.. However, if you don't have TPM enabled laptops, activate bitlocker without a TPM

Tuesday 15 January 2013

New Java Exploit - Java patch released

Java latest update (Java SE 7u11 and other versions) download link

New Java Exploit - Disable Java NOW!

New Java Exploit - Disable Java NOW!

Another Java exploit discovered and this one is the worst kind of security hole. It's one that allows a hacker to install malware or viruses without your knowledge simply by visiting a website. The exploit has been confirmed by Bitdefender, a popular anti-virus company, as being actively used by hackers on the internet to compromise computer systems.

The really dangerous part is it appears to affect all installations of Java and there is no known way to stop it outside of disabling or uninstalling Java. Oracle, the makers of Java, are aware of the exploit and are doubtlessly working on a fix, but no ETA or information has been released.

The easiest and most secure way to disable Java is to follow the instructions provided by Oracle by clicking here. You can re-enable Java after Oracle patches Java and you download an updated version. Disabling Java may cause certain websites to perform differently as Java will not be available to them so keep that in mind if you experience any unusual performance.

Top 10 Email scam you should know about.. make sure before u forward an email..


There are many email scams going around. I have recently searched and documented top ten of them currently hovering around. Please find time to read what experts have to say which you may  have already observed.
It can really get your blood pressure depending on how you want to see it, going.
You log into your email box, hoping to do a honest spot of work or just catch up on your fun mail, and what do you think you see?
Your mailbox is clogged with mails by scammers who have nothing better to do, other than waste your time and see how they can make a quick buck in the process.

The Top 10 Email Scams
1.        The Great Nigerian Scam, also simply known as 419
2.       Pay up, get a guaranteed loan or credit card
3.      Have you won a lottery?
4.      Phished!
5.      Hey, you're hired!
6.      It's a disaster!
7.      Time to travel?
8.      Money can't be minted. . . or can it?
9.      Join a chain?
10.   Instant cures? Naah!

1. The Great Nigerian Scam, also simply known as 419
It's been going on for over a decade, and it's amazing how successful it continues to be. And that, probably, is because it appeals to two of the strongest aspects of human nature: kindness and greed.
Dearly Beloved, it will begin, or with a salutation to Respected or Kind Sir/ Madam. This will be followed by a heartfelt plea for help. You see, the person writing the mail either has tons of money with no way of getting it out of the country or has tons of money and wants to donate it.
In either case, they can't do it without your help because they are stuck in an obscure African nation that has either just faced a coup or is in the grip of an evil dictator.
(There are many variations to this theme. Sometimes it's a widow giving away her millions, or an Arab billionaire feeling altruistic and picking you to give his fortune. . . but all these are nothing but scams.)
They'll promise you a huge sum of money in return for your help, even though they know your motive is truly altruistic. You'll need to send money to a few selfish souls in order to prod them into releasing the said funds, or transferring it in your name, but person writing you the anguished mail promises to reimburse every penny and then some!
The more money you send, the more they wheedle out of you. Of course, you can be sure you aren't going to get a penny -- after all, they aren't going to share their ill-gotten wealth with you, are they?
Remedy: Hit the delete button immediately.
2. Pay up, get a guaranteed loan or credit card
You have to hand it to these scamsters; they are great students of human nature. And the biggest problem most of us mortal souls face is money.
Even as we juggle to satisfy our needs -- it could be that additional night out at an expensive new joint or the desire to buy an iPhone -- we just never seem to have enough money.
So, if someone promises you a 'pre-approved' loan or a credit card if you pay a small fee upfront, how can you not grab the offer?
You wouldn't actually, if you stopped to think for a moment. Why would you randomly be offered a pre-approved loan without a creditworthiness check? After all, the banks would like their money returned with interest, so they would like to know if you have the capacity to pay them back.
A credit card begs the same question -- why would any bank give you one without checking if you are capable of paying the bill every month? And why would they charge you a fee upfront?
Remedy: Pause to think; you'll automatically hit the delete button.
3. Have you won a lottery?
Almost everyone you know would have had this fantasy: of winning tons of money so that you never have to work again, never have to juggle your wants, go for expensive holidays and super-expensive shopping sprees and, in general, spend the rest of their lives wallowing in luxury's luxurious lap.
So, when an email pops up, boldly titled WINNING NOTIFICATION, and tells you that you are the lucky soul to have won a huge pile of cash, you have no reason to disbelieve it. Except for the fact that you
never entered any such sweepstake or lottery.
But that's taken care of as well -- you are either a randomly selected winner, or your email has been entered automatically. How? You don't know and we are sure you don't really care -- your attention is focussed on that never-ending series of zeroes after that initial number.
You're already writing your resignation and dreaming of all the exciting things you can do with the money when. . . Hold your horses! You need to send them a small processing fee (it's generally a small amount compared to the millions you've won, but it large enough to have one happy scamster scampering all the way to the bank).
If you've fallen for this trap, and are waiting for the moolah, it's an expensive lesson learnt. If not. . .
Remedy: Delete! Delete! Delete!
4. Phished!
There's no doubt about the fact that technology can make life much easier. For example, instead of going to the bank, standing in a long queue and dealing with a bored clerk, or even going to an ATM to check your balance, transfer funds or pay bills, you can just as easily do it over the Internet.
It's convenient, and it saves time! But those Internet hackers, the ones who want to make money ripping you off, have such activities firmly in their radar. The result? One of the most widespread scams to have hit mail in-boxes in recent times.
You'll get a rather official looking, and a rather frightening, mail that tells you that you urgently need to verify your identity with the bank/ shopping site because your account has been hacked.
The implied threat is that your personal details could be misused and you could lose money.
If you click on the re-verification link they provide you, that's exactly what's going to happen. As you key in your login name and password, it is captured by a computer programme.
You innocently heave a sigh of relief, thanking the stars for the quick alert from your bank. But your troubles are just beginning. The hackers now know your login and password and can easily skim all your money from your account.
Remedy: Be suspicious! If in doubt, delete. If you think the email is legitimate, call the bank before divulging any details on the Net.
5. Hey, you're hired!
You've been looking for a job, or a change of job -- something that will leave you with some free time so that you can have a life!
Then, like unexpected manna from heaven, such a job actually falls in your lap. You get mail from an impressive sounding company offering you the grand-sounding post in the finance or marketing department.
The company, the mail explains in professional sounding terms, is doing very well in its home country and is now expanding across the globe/ in Asia, including India. They need people and you seem the right fit. They have Indian customers; all you have to do is collect money from them and send it to the company (pretty much like a post box they assure you, you're not a recovery agent and don't have to run after their customers).
Your commission will be somewhere between 5 per cent and 15 per cent; all you need to do is drop the cheques/ money orders into your account and send the money, minus your percentage, to them.
Of course, you'll need to share some personal information, such as your contact details bank account details. It all sounds simple and aboveboard, doesn't it?
Soon, you'll actually receive cheques and money orders. You'll deposit it in your account and send money to your employers. Then, you'll discover the cheques and money orders are fraudulent. Which leaves you. . . yup, conned, having sent your hard-earned savings to a scamster. If you try to trace them, you find they've vanished into the Internet. . . oops, ether!
Remedy: Remember, nothing comes free. Take a moment to verify the mail's details; you may find what you actually need is the delete button.
6. It's a disaster!
Every time disaster strikes, in the midst of heart-wrenching human tragedy, there will be a few hard-hearted enough to make a quick buck.
When tragedy takes place on a large scale, help is needed from multiple sources on an even larger scale. Many of us pitch in. But be careful if you get an email asking you to help financially with disaster relief. It could be a scamster on the prowl.
Do not give out your financial details until you thoroughly verify the source is genuine.
Remedy: Make sure your aid goes to the right source; ideally, approach an NGO (non-governmental organisation). As for these scamsters, relegate them to where they belong -- in the trash!



7. Time to travel?
You're planning a much looked forward to holiday and -- stroke of luck! -- some interesting emails land in your mail in-box, offering you bargain holidays to these really exotic locations. It may even be a reasonably priced, decent sounding time share arrangement.
You click, send in your requirement, get a positive reply and even sign on the dotted line.
And then discover. . .
·  That, quite simply, the whole thing was a scam and the money you've already paid is lost forever.
·  There are certain rather expensive charges you have to pay that you were told nothing about.
·  That the time-share is on, but the dates that are available to you are the ones that no one else wants because they are not convenient.
These scams peak just before, or during, the holiday season, so beware!
Remedy: Ignore these guys and book through a real travel agent, a state-run travel agency, or a reputed Web site.
8. Money can't be minted. . . or can it?
 It's the classic scam and there are so many versions of it going on, both online and offline.
At first reading, or hearing as the case may be, it all sounds pretty plausible. The email will contain a list of people. You will be asked to send a certain amount of money to the person whose name tops the list. You will also be asked to forward the list to a certain number of people you trust.
The opportunity to make a good deal money, with minimal investment, will be impressively detailed. There will be quotes given, along with email addresses, of happily satisfied people who've already made their bundle. There are repeated guarantees and double reassurances that nothing, absolutely nothing, can go wrong.
If things go according the method listed, you may actually stand to make some money. But this, remember, is a scam. Most of the time, the mail is manipulated in such a way that the name of the scamster, or his friends, is always on top.
Even if the scheme is genuine, it works only if more people get added to the list and if they send money. And all such schemes have a strange tendency of fizzling out; only those who get in early make some money. This is the much prevalent Ponzi scheme. . . and sometimes even multi-level marketing schemes fall into this category.
Remedy: There's no easy way to make money. The easier way out is to aim for the delete button.


9. Join a chain?
 It's tough but you still have to believe it! Chain emails, where you are asked to forward the mail to a certain number of people, either in peril because something horrible will happen to you otherwise or because Bill Gates will give you a substantial chunk of his wealth, is nothing but -- sigh! -- a scam.
Bill Gates, Mukesh Ambani, Jack Welch, Richard Branson, Warren Buffett and all the other super-rich people are NOT interested in sharing their wealth with gullible people who forward chain mail with the celebrity's name in it. Yes, forwarding mails will not get you a Nokia cell phone or an iPhone.
You are NOT going dogged by bad luck if you delete a chain mail instead of forwarding it. Your friends are NOT going to desert you. NEITHER you nor your family is going to fall seriously ill. NOR will unexpected good luck come your way just because you did forwarded the mail.
Remember, you are not doing anyone a favour by forwarding these mails. All you are doing is cluttering some else's email box. And, probably, allowing some malicious virus to track the email addresses -- and infect the computers -- of the people you've sent the mail to.
Remedy: Trash the mail. Pronto!
10. Instant cures? Naah!
 This one is horrible, because it preys on your fear.
It will either outline a surefire cure for a deadly disease. Or it will tell you about how heating water in the microwave could lead to cancer. Or how talking on your cell phone when you are charging it will lead to the phone blasting into pieces in your hand. Or some such other stuff that sounds plausible, and possible, but is unfortunately not true. Like enhancing your manhood, or making you a better lover, etc. . .
Do not forward! It is just a blatant attempt to collect as many genuine email addresses as possible, so that they can then be used in other email scams!
Remedy: Destroy that mail.


NOTE: Never reply, even in anger, to any such email!

Monday 3 December 2012

Important Vulnerability Basics

Use the vulnerability assessment tools to identify the vulnerabilities you need to repair. This will help protect your website or network against security breaches.

Vulnerabilities
Critical versus informational
Vulnerability assessment
Best practices

A vulnerability is a weakness or flaw in your website or network. Vulnerabilities can be exploited to damage or compromise customer and other sensitive data, or your site. If your site were a house, a vulnerability would be an open window or door. To protect your house, you'd lock that window or door. Websites and networks have analogous entry points, as well as ways to seal off those entry points for greater protection.
  
While not inherently dangerous, a critical vulnerability leaves your site exposed to serious breaches. For example, someone could gain access to sensitive data, alter your site's appearance or function, or infect your visitors' systems. How critical a particular vulnerability is depends on two things:
 
1) How commonly exploited the entry point is, and
2) How much damage a breach to that area could cause.

For example, in a house, doors and windows are more commonly exploited than floorboards and chimneys. Similarly, some parts of a website or network are more commonly exploited than others. Some areas also may contain especially confidential or valuable data, so a breach of those parts would be more critical than a breach of other parts.

When you activate vulnerability assessment, we scan your website or network or both each week for common entry points which, if breached, could threaten your online security. You receive the results of the scan in a downloadable PDF report highlighting the most critical vulnerabilities. Non-critical vulnerabilities are listed in the section labeled "Informational."

You can activate or deactivate vulnerability assessment from within your account. Once you activate vulnerability assessment, your first PDF report should be available for you to download within about 24 hours. After that, we'll run the scan weekly, and generate each new report within about 24 hours of the scan.

Note: Only the presence of critical vulnerabilities (not informational) will trigger an alert in your console. Your report will be available for download each week whether or not you have critical vulnerabilities.

When you are logged into your account, you can set or change your email notification preferences for vulnerability assessment. For example, you can choose to receive notification emails only for critical vulnerabilities, each time a new report is generated, or when we are unable to scan your site.  You can also choose email recipients.
 
To help protect against security breaches, it's recommend that you:
·         Activate the vulnerability assessment service.
·         If you already have a vulnerability scanning service, use vulnerability assessment as a cross-check for your other scan's results. Scan results can differ from company to company.
·         Designate someone in your organization to review each report, and to have any critical vulnerabilities repaired as soon as possible. Set your email preferences to notify your designated person when new reports are available.
·         After making repairs, rescan your site to verify the repairs.
·         Read and follow the suggestions in the Malware Prevention article below—they also apply to vulnerability.

5 Minutes Guide to Malware

Malware is the new computer virus, the new worm, the new spam. In fact, malware is all of those and more. Malware is a genuine threat to your Web site, to your business, and to your customers. Malware leads to:
  • Web site traffic loss – New customers are warned about your site and loyal customers stop coming back.
  • Brand tarnishing – Your company's reputation – not just your Web site – is damaged.
  • Consumer confidence erosion – Consumers will not trust your Web site, your business, or your products and services.
Instead of overt Internet vandalism and mayhem, today's malware criminals stealthily infiltrate Web sites and home computers for devious or illegal profit.
Their mission: Put malware on your site and spread the malware to your visitors for fraud and theft.
Your mission: Keep malware off your site and keep customers on your site!
Why should I care about malware?
Trust. Your customers and business partners trust that your Web site is safe. Malware on your site diminishes or eliminates that trust.
  • Customers who are warned of or infected by malware on your site will no longer trust your site or your business. They may stop doing business with you through any means.
  • If there is malware on your site, Web browsers like Internet Explorer and Firefox and search engines like Yahoo! and Google will show a warning that your site is dangerous when a customer tries to visit it (this is known as "blacklisting").
  • Malware on your site can install malware on your customers' computers (known as "drive-by downloads"). Malware on your customers' computers can steal their personal information, track their keystrokes and activities, and spread viruses and more malware.
What is malware?
Malware is any computer program that is installed on a computer without the owner's knowledge, in order to deliberately damage the computer or perform illegal activities.
  • Malware is short for "malicious software". Malware is related to the more well-known term "computer virus", but they are not exactly the same.
  • Malware is a broad term used to refer to many different forms of hostile, intrusive, or annoying software, such as computer viruses, worms, trojan horses, rootkits, spyware, dishonest adware, and crimeware.
How is malware used?
For illegal profit, consumer deception, Web site vandalism, and other criminal activities.
  • Adware shows pop-up ads on infected computers and the attackers collect payment based on the number of times the ads appear.
  • Spam is the bulk junk mail that everyone gets in their Inbox. Spam can be sent from malware-infected computers. The attackers collect payment based on the number of emails sent or on responses to the sales or information requests in the emails.
  • Identity Theft and Infostealing capture private information, such as usernames and passwords, credit card and banking information, or social security numbers. The attackers can use the stolen data directly to impersonate the theft victim, or sell lists of stolen data within their crime network.
Where does malware come from?
Like a computer virus, malware starts on a few computers and then spreads to many computers.
  • To effectively distribute malware to as many computers as possible, the first goal of a malware attack is to infect your Web site.
  • Unknown to you and the people who visit your site, the malware then installs more malware on the visitors' computers.
  • Installation may be totally invisible to your site visitors – all a visitor needs to do is go to a certain page, and the malware can install on the visitor's computer. Installation may also be disguised as or packaged with a useful plug-in, which the visitor intentionally downloads and installs.
How do I prevent a malware infection? 
Keep your web server secure, clean, and backed up.
  • Maintain an up-to-date backup server.
  • Secure the Web server that hosts your Web site.
  • Secure any applications or other code that is executed or distributed on your Web site.
  • Know and trust the people who manage your Web site.
  • Remove programs that are not needed.
  • Do not use the server for other purposes, especially browsing the Web.
  • Do not rely on commercial, off-the-shelf antivirus services to protect your Web site.
  • See the Malware Best Practices article for more details on these prevention recommendations.
  • also read important vulnerability basics

Malware Prevention - Best Practices


Preventing Malware Infections
Preventing malware on your Web site is easier than you might think. And it doesn't require too much extra time, money, and resources to protect your systems. Following best practices for prevention and using the resources that you already have, you can significantly lessen the chances of having malware on your Web site.
Discuss these tips and guidelines with your developers and server administrators. Find out if and how these best practices are applied in your company. Set administrative and development policies based on these best practices as well as the recommendations of your trusted administrators.
Back up your Web server!
  • Perhaps the most significant preventive measure that you can take is actually preparing for the worst case scenario. What do you do when your Web site is infected and you can't just delete the malware? In that case, you want to make sure that you can recover everything that you use to run your Web site.
  • Maintain a redundant, up-to-date backup Web server. If your active server is infected, you can switch over to the clean backup server. Your customers will not experience any downtime while you clean the infected server.
  • If maintaining a redundant backup is cost- and resource-intensive, make sure that you have backup copies of all operating system and application software, including all patches and maintenance releases.
  • Make especially sure that you regularly back up all of the data. If any business or customer data is compromised or damaged, you can restore the data with minimal downtime for specific features – instead of taking your entire Web site offline.
Secure your Web server.
  • User access must be secure. Your administrators and developers should use strong passwords, change their passwords regularly, or use access credentials that are handed out by a trusted administrator.
  • Follow the "principle of least privileges." Know who has access to your server and make sure that only those who need access have it. Additionally, restrict user privileges person-by-person; give your administrators and developers only the privileges that they need to do their job.
  • File transfers must be encrypted. Use Secure FTP (SFTP) or Secure Copy (SCP) tools to transfer the files. FTP tools are not encrypted.
  • Practice secure application development. In your back-end code, validate user input type and eliminate security holes (known as "vulnerabilities") such as buffer overflow, SQL injection, and cross-site scripting.
  • On your customer-facing Web site, don't give away any information that your customers don't need – the information might be useful for attackers. For example, in error messages, don't show your server type or version or say that "we can't connect to the database". Don't provide specific login errors like "your password is wrong" – this message tells an attacker that an account exists with the username. 
Trust the person at the keyboard.
  • Make sure that everyone with access to your Web server understands and recognizes social engineering methods. Social engineering is convincing someone to do something or reveal confidential information, typically by impersonating a person of authority or influence. A saying goes: "it's easier to hack the person than it is to hack the machine".
  • Through social engineering, a malware attack starts without even touching your Web server. With just a little information about your company, an attacker can impersonate a company executive or external authority (such as the police or a lawyer) over the phone. If the attacker is convincing enough, the attacker might persuade a junior developer to unknowingly install or link to malware.
  • Have confidence in and trust all of the people who have access to your Web server. But regardless of your level of trust, your server should track user logins and all actions while logged in.
  • Trust and accountability are key to preventing the most direct threat – an inside job, a deliberate attack by an employee or colleague. Whether driven by personal reasons or coerced by an outsider, this person already has all of the access and privileges needed to put malware on your Web site.
  • For any changes to your Web site, have a clear sign-off process. You should also have contingency plans if critical people are not available, so that everyone knows what to do when you or your server administrator can't be reached. 
Use your Web server for one thing and one thing only: running your Web site.
  • Do not use the server to browse the Web, check your email, instant message, blog about your vacation, or send your mom photos from last week's family reunion. You have enough to worry about with attackers trying to get in – don't help them out by actively roaming the Internet.
  • Remove all unused programs from your Web server. Popular applications sometimes have known vulnerabilities that attackers can easily exploit. If a program is not being used, remove the program so that it is not a potential point of attack.
  • If possible, remove software documentation from the server and store it elsewhere. Documentation that includes application names, version numbers, and bug fixes can give attackers insight into what's on the server and how to gain access. 
Patch, patch, patch. Keep your server software, operating systems, and applications up to date.
  • Know what software is on your server. Keep a list of all operating system and application software installed on the server, including version numbers.
  • Keep all software on the server up to date and running the current versions. Newer versions often include fixes for known vulnerabilities. Vulnerability fixes close the loopholes that the hacker and malware communities know how to exploit.

Thursday 29 November 2012

*Important* Virus Notification

Latest Virus/ Worm Threat

We have been notified by Antivirus Advisory Labs about a latest Virus threat 'W32/Autorun.worm.aaeb-h' which has the ability to infect removable media device and network shares..!

As an action plan, we have mitigated this risk by patching our systems & desktops with the latest antivirus protection and by adding additional controls. However, the viewers of this blog are requested to:
  i)  exercise caution while opening unsolicited emails and unknown files.
 ii)  refrain from using USB drives.
iii) download and use stinger tool for remediation in case of any suspicious virus message creeps up from your system.

From: McAfee [mailto:sns@snssecure.mcafee.com] 
Sent: Wednesday, 28 November, 2012 22:37

To: Rinith KT
Subject: *URGENT* McAfee SNS ALERT: *UPDATE* Reports of W32/autorun.worm.aaeb-h infections

**Update to original message: Stinger tool now available. See Mitigation section below**
McAfee has received multiple reports of customers who are severely affected by variants of W32/autorun.worm.aaeb-h.

Impact

W32/Autorun.worm.aaeb-h has the ability to infect removable media devices and mounted network shares. It can also copy itself into .zip and .rar archive files.
The infection starts either with manual execution of an infected file or by navigating to a folder that contains infected files. This threat has the ability to download other malware or updates to itself as directed by a Command-and-Control (C&C) server.

Mitigation

McAfee has released an Extra.DAT and Stinger to detect and clean this threat.

To download the Extra.DAT and Stinger, see KB76807


For more information on McAfee product coverage and mitigation for this threat, see PD24169 - Threat Advisory: W32/Autorun.worm.aaeb: