
Dealing with a virus that infects an entire computer network
Posted Jun 20, 2006


Many viruses spread across computer networks in internet cafes and offices, mainly because of internet access. A single infected client computer can infect the entire network, which may consist of hundreds of machines. It is even easier when every client computer shares files or folders, since a virus always looks for opportunities to replicate itself and then spread.

Here is how to deal with it, from Norman antivirus:

Stopping network share infectors

Many viruses today are share infectors. They infect open shares throughout the network. A single infected computer is capable of infecting hundreds of other machines.

It is a common scenario that many sites have open shares on their servers where all users have unlimited access. The intention of these shares is to provide a universal area where all users can exchange common files and information. Other scenarios include shares that are not intended for common purposes, but they are open due to lack of planning and security.
No matter the reason, these file shares are highly exposed to viruses like Pinfi and Funlove that have open file shares as a target for infection.

A share infector scenario:


The figure above illustrates an unprotected workstation (IP: 192.168.0.13) that is allowed to execute a file infected with the Pinfi virus. The infected workstation will propagate to open file shares on computers in the network, look for files with .exe and .scr extensions on these shares and then try to infect these files.

All servers in this situation are protected with updated antivirus software, which monitors the file system on the servers. An attempt to infect files on these shares will be detected and infected files are instantly cleaned.

The problem, however, is that the workstation is still infected and will re-infect the .exe and .scr files shortly after the antivirus software has performed the first clean operation. We now have an infect-clean-infect cycle that will go on forever unless something is done about the original infection: the infected workstation.

Finding the source of the problem

In a large network with hundreds, even thousands of machines, it can be really hard to find this particular workstation. The Virus Alert message normally just points at the target file for the infection, which virus was found, and what has been done to the file. There is obviously a need for some extra information to solve this problem.

One way of solving the problem is to use an external tool to monitor a file that is likely to be infected. To avoid too many changes on any of the original servers it may be a good idea to set up a new test machine in the network, create an open share on this machine, and place a copy of an .exe file here. In the Pinfi case we know that .exe files are attractive targets to infect, and we copy the file calc.exe from the \Windows directory to the new file share. The calc.exe file is now a "bait" for the infector.

Before we connect the "bait" machine to the network, we need to install a "sniffer" program. We think Ethereal is a good alternative, not least because it can be downloaded free of charge, but programs like Sniffer Pro and Etherpeek will do as well. Ethereal contains a lot of functionality, so in this paper we will only cover functions relevant to solving this particular scenario.

Install Ethereal

You need two components:

1. Install and run the WinPCap driver that can be downloaded from winpcap.polito.it
2. Install and run Ethereal - can be downloaded from ethereal.com

NOTE: Although our experience with Ethereal is good, we do not support it, so you use it at your own risk.

Monitoring the activity on the network

When Ethereal is installed, make sure that the NVC’s On-access scanner is running on the machine, and start the NVC Utilities program where you open the Messages window.

Before you start monitoring the file, make sure that it gets infected by watching the virus alerts in the Messages window. If no virus alerts appear, then the bait does not work. Check again to make sure that the directory containing the bait really is shared, and that all users have full access to the share.



If this still does not work, you may need to install Ethereal on one of the servers where the infection originally appeared. Some share infectors just infect shares that were available upon start of the infected program. In such a case, find a file here to use as bait for the infection.

Now start Ethereal. We want to capture the activity that the machine receives via the network. But we only want to focus on activity related to the bait, which is the calc.exe test file.



In the lower left corner there is a field labelled "Filter:". In this field, type the string:

smb.file contains "calc.exe"

Select the command Capture/Start and then click OK. The capture window appears. From now on watch the activity in the NVC Utilities’ Messages window. As soon as there is a new infection on our bait, close the Ethereal capture window. The log from the capture appears in the main window. Make sure that our filter is active by clicking Apply.

By watching the "Source" and "Destination" columns you should now be able to see the IP addresses used in manipulations of the calc.exe file. In our case the local address for our machine is 192.168.0.15. The other IP address involved in the transactions is 192.168.0.13.

Obviously a machine with the address 192.168.0.13 is the infector. You can now solve the problem by isolating it and then performing a complete On-demand scan supplied with the relevant fix(es).

Repeat the process to ensure that there are no other infectors in the network.

source: Norman antivirus
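
When the capture runs for a long time, the correlation the article does by eye (an alert appears in the Messages window, then the capture shows who touched calc.exe) can be scripted. The following is an added example, not part of Norman's article: the CSV layout, the alert timestamps, the 30-second window and every row are constructed for illustration; only 192.168.0.15, 192.168.0.13 and calc.exe come from the text.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

BAIT_HOST = "192.168.0.15"  # bait machine's address, as in the article
BAIT_FILE = "calc.exe"      # bait file, as in the article
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: capture rows exported as time,src,dst,smb_file
CAPTURE_CSV = """time,src,dst,smb_file
2006-06-20 10:00:01,192.168.0.22,192.168.0.15,readme.txt
2006-06-20 10:02:10,192.168.0.13,192.168.0.15,calc.exe
2006-06-20 10:02:10,192.168.0.15,192.168.0.13,calc.exe
2006-06-20 10:04:00,192.168.0.22,192.168.0.15,CALC.EXE
2006-06-20 10:07:40,192.168.0.13,192.168.0.15,calc.exe
"""
# Constructed sample data: times of virus alerts raised on the bait file
ALERTS = ["2006-06-20 10:02:12", "2006-06-20 10:07:45"]

def load_rows(text):
    """Parse the exported capture into dicts with a datetime 'time'."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.strptime(row["time"], FMT)
        rows.append(row)
    return rows

def suspects(rows, alerts, window_seconds=30):
    """Count, per remote host, how many alerts it touched the bait just before."""
    window = timedelta(seconds=window_seconds)
    hits = Counter()
    for alert in alerts:
        t = datetime.strptime(alert, FMT)
        sources = {
            r["src"] for r in rows
            if BAIT_FILE in r["smb_file"].lower()   # same idea as the 'contains' filter
            and r["dst"] == BAIT_HOST               # inbound requests to the bait only
            and t - window <= r["time"] <= t        # shortly before the alert
        }
        hits.update(sources)                        # one hit per host per alert
    return hits

if __name__ == "__main__":
    for host, n in suspects(load_rows(CAPTURE_CSV), ALERTS).most_common():
        print(f"{host}: touched {BAIT_FILE} before {n} of {len(ALERTS)} alerts")
```

A host that opens the bait file at an unrelated time (192.168.0.22 in the sample) is not counted, which keeps ordinary users of the open share from being mistaken for the infector.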



 