Spartacus

SD Bot virus


3 replies to this topic

#1 Andy Walker

Andy Walker

    Administrator

  • Admin
  • 2,987 posts

Posted 15 December 2004 - 12:16 AM

My College network has recently suffered from a viral infection from a variant of the SD Bot Trojan. Our technical staff appear to be at their wits' end about it and can now be found rocking quietly in their offices, heads in hand.

It seems likely to me that the infection is well established and has damaged our network significantly. We have been without Internet access for several days.

There is always a tendency to "blame" on these occasions and I am concerned that the whole episode could be used to restrict student access to the Internet. I do not believe that this is the correct response.

If anyone has any sensible advice on how to rid a network of such an infection, or information on how such an infection could have occurred, or how similar events could be avoided in the future, please reply in this thread :(

#2 Graham Davies

Graham Davies

    Advanced Member

  • Members
  • 925 posts
  • Gender:Male
  • Location:Berkshire
  • Interests:I began my career as a teacher of German and French in secondary education in 1965, moving into higher education in 1971, where I taught German (and also English as a Foreign Language to students training to become professional translators) until 1993. I have been involved in Computer Assisted Language Learning (CALL) since 1976. In 1982 I wrote one of the first introductory books on computers in language learning and teaching, which was followed by numerous other printed and software publications. In 1989 I was conferred with the title of Professor of CALL by the Academic Board of Ealing College of Higher Education (later integrated into Thames Valley University). I retired from full-time teaching in 1993 but I continued to work as a Visiting Professor for Thames Valley University until 2001. I was the Founder President of EUROCALL, holding the post from 1993 to 2000. I am a partner in Camsoft, a CALL software development and consultancy business, which was founded in 1982. I have lectured and run ICT training courses for language teachers in 22 different countries and I sit on a number of national and international advisory boards and committees. I have been actively involved in WorldCALL since 1998 and I currently head a working party that is in the process of setting up WorldCALL as an official organisation that aims to assist countries that are currently underserved in the area of ICT and the teaching and learning of modern foreign languages. I am fluent in German, I speak tolerable French, and I can survive in Italian, Russian and Hungarian. I enjoy golf, skiing, walking my dog (a retired racing greyhound) and travelling. I used to scuba-dive regularly - my last dive was on the Great Barrier Reef in 1998 - but now I just swim at my local fitness centre.

Posted 15 December 2004 - 11:22 AM

It appears that SDbot exists in various forms. Is this what you are looking for?

http://securityrespo...door.sdbot.html
http://securityrespo...r.sdbot.ae.html
http://www.2-spyware...bot-trojan.html
http://www.pchell.co...rus/sdbot.shtml

I am surprised that it got into your system. Most antivirus software seems to be able to detect an invasion of SDbot, providing the data regarding new virus threats is downloaded.

#3 Andy Walker


Posted 15 December 2004 - 01:48 PM

> It appears that SDbot exists in various forms. Is this what you are looking for?
>
> http://securityrespo...door.sdbot.html
> http://securityrespo...r.sdbot.ae.html
> http://www.2-spyware...bot-trojan.html
> http://www.pchell.co...rus/sdbot.shtml
>
> I am surprised that it got into your system. Most antivirus software seems to be able to detect an invasion of SDbot, providing the data regarding new virus threats is downloaded.


So am I!
Things seem to be returning to normal now following the updating of anti virus software and a lot of hard work by our technical staff. Perhaps Graham you have some advice on the best anti virus package for a school network?

#4 Graham Davies


Posted 15 December 2004 - 02:59 PM

Andy asks:

> Perhaps Graham you have some advice on the best anti virus package for a school network?


I have a small home LAN, which I protect with Norton AV 2004 (Symantec). It's always worked well. The only time it let me down was around 4-5 years ago when FunLove sneaked in through a Microsoft "hole". FunLove was the first Web-borne virus to hit me. The Web-borne viruses were fairly new at the time, and many network managers claimed that they didn't exist! Norton AV 2000 trapped FunLove but only after it had sneaked in through the hole and had already done some damage. I should have patched the hole, of course, but then Microsoft shouldn't have developed such a tacky, insecure system.

Many schools that I know use Sophos, which network managers seem to like:
Sophos: http://www.sophos.com

But you need more than just AV protection.

I use the ZoneAlarm Pro firewall - which seems very secure. If you think your system is secure from intruders then you can run a series of tests at the Gibson Research Corporation (GRC) site in the ShieldsUP! section. GRC will try to hack into your computer and report if they succeed: http://grc.com
I tried it, and GRC couldn't hack me while ZoneAlarm Pro was running.

I use MailWasher Pro to filter out email-borne viruses:
MailWasher Pro: http://www.firetrust.com

I also use SpyBot:
http://spybot.safer-networking.de - software for spotting and removing adware and spyware.

Finally, I always "wash" my system on boot-up, removing Web clutter left over from browsing sessions, cookies, etc:
Window Washer: http://www.webroot.com - a package for removing caches, cookies and other Web clutter from your computer.


