Eric H. Johnson on 5 Oct 2012 12:33:13 -0700
[PLUG] Detecting SQL injection viruses
Hi all,

Not really a Linux question, but a number of people on this list seem to have expertise in this area.

I have a client that is having a problem filtering out what I think, from reading on the Internet, are encrypted SQL injection viruses, which seem to defeat the pattern matching used by Symantec, McAfee, and similar AV tools. The machines affected are generally Windows XP, all are running Symantec AV, and the users are unprivileged. Thus the virus will only affect the logged-in user and is generally easily removed by running under local admin privileges; however, the virus often leaves collateral damage like tagging files and shortcuts as hidden. Even doing a system restore from an earlier date doesn't clean everything up.

My question though is, does anyone know of anything that effectively detects these types of viruses?

Yeah, I know, change all the workstations to Linux. :)

Thanks,
Eric

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug