Too fast on the trigger..
I don't want to start up the thread about AV on or not on the filers (I run it on my filer), but we got hit with a nasty variant of this. Not sure why Trend didn't block it, but basically a bunch of my CIF folders were set to read only/hidden.. Not fun. There are some other reasons that need to be mitigated that I won't go into, but this is the virus.
http://about-threats.trendmicro.com/Malware.aspx?id=47409&name=WORM_VOBF...
To unhide the share, we were mapped to the share location, and ran this.. It unhides the shares lickety-split.
From an XP box..
Cmd
for /f "usebackq delims=#" %i in (`dir *. /ah /s /b`) do attrib -s -h "%i"
Just share because I care..
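The same cleanup as a script that records what was hidden before changing it, added here as an example and not part of the original post. It selects folders by type rather than by the "no extension" pattern, which goes slightly beyond the one-liner above; the S:\ drive letter and the report path are assumptions, and it sticks to PowerShell 2.0 syntax.

```powershell
# Added example (not from the original post): audit, then clear, the
# Hidden/System flags on folders under a mapped share.
# Assumptions: S:\ is a hypothetical drive letter for the affected share and
# the report path is a placeholder. Run with -WhatIf first for a report only.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Root   = 'S:\',
    [string]$Report = "$env:TEMP\hidden-folders.csv"
)

# Hidden (2) + System (4), kept as an int so the bit math is unambiguous.
$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# -Force is required, otherwise Get-ChildItem skips hidden/system entries.
$hits = @(Get-ChildItem -LiteralPath $Root -Recurse -Force |
    Where-Object { $_.PSIsContainer -and (([int]$_.Attributes) -band $mask) })

# Save the pre-change state. -WhatIf:$false keeps the report even on a dry
# run, because -WhatIf on the script would otherwise suppress Export-Csv too.
$hits | Select-Object FullName, Attributes, LastWriteTime |
    Export-Csv -Path $Report -NoTypeInformation -WhatIf:$false

foreach ($dir in $hits) {
    if ($PSCmdlet.ShouldProcess($dir.FullName, 'clear Hidden/System')) {
        # Clear only the two flags; every other attribute is preserved.
        $clean = ([int]$dir.Attributes) -band (-bnot $mask)
        $dir.Attributes = [IO.FileAttributes]$clean
    }
}

"{0} folder(s) flagged; list saved to {1}" -f $hits.Count, $Report
```

The CSV doubles as a record of which paths were touched and when they were last written, which helps when working out how far the infection spread.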
"klises" == Klise, Steve klises@sutterhealth.org writes:
klises> Too fast on the trigger.. I don't want to start up the thread
klises> about AV on or not on the filers (I run it on my filer), but
klises> we got hit with a nasty variant of this. Not sure why Trend
klises> didn't block it, but basically a bunch of my CIF folders were
klises> set to read only/hidden.. Not fun. There are some other
klises> reasons that need to be mitigated that I won't go into, but
klises> this is the virus.
klises> http://about-threats.trendmicro.com/Malware.aspx?id=47409&name=WORM_VOBF...
I should check my toasters folder more often; we got hit with this on Wednesday afternoon, as well. I think it took Trend ~10 hours before it would pick up on it, and in the meantime we shut down all of our CIFS shares on the related filers and did manual scans of the filesystems.
As it turns out we only had a few people infected but it made for a long day. :-\
K.