Eric H. Johnson on 5 Oct 2012 12:33:13 -0700


[PLUG] Detecting SQL injection viruses

Hi all,

Not really a Linux question, but a number of people on this list seem to
have expertise in this area.

I have a client that is having a problem filtering out what I think, from
reading on the Internet, are encrypted SQL injection viruses, which seem to
defeat the pattern matching used by Symantec, McAfee, and similar AV tools.

The machines affected are generally Windows XP, all are running Symantec AV,
and the users are unprivileged. Thus the virus will only affect the logged-in
user and is generally easily removed by running under local admin
privileges; however, the virus often leaves collateral damage like tagging
files and shortcuts as hidden. Even doing a system restore from an earlier
date doesn't clean everything up.

My question though is, does anyone know of anything that effectively detects
these types of viruses?

Yeah, I know, change all the workstations to Linux. :)


Philadelphia Linux Users Group