http://news-service.stanford.edu/news/2 … 91405.html
This article is from last year but is a good success story on how we used BigFix to combat the Zotob/Esbot worm.
While we were under attack we had identified "mousebm.exe" as a rogue service installed as a result of the worm. (This was before the worm even had a name.)
I had written in a retrieved property to look for this service and return the time stamp as a result. The cool part of this was I could see how quickly and in which order machines were being infected to try to trace back to the first machine attacked. In one department I saw 70 machines compromised in about a 45 minute window. Long story short, here is another great way to use retrieved properties to identify compromised machines.
Last edited by Stacy Lee (2006-08-23 09:23:21)
link dead