
Symantec may have missed something serious ...Help?



#1 HelpingHands


Posted 11 September 2013 - 02:02 PM

Long story short... I lost my job yesterday based on the fact that a "random" check was done on a few computers with the Barracuda Website Filtering. Since I log onto my computer at the beginning of the day and don't log out until 5, any activity will appear under my name even if I locked my screen and left my apps running. Now keep in mind 4 people have used this computer before me, and while I was out for a month others used my computer. In the past 2 months I have seen the Symantec message Web Attack: Exploit Kit Variant Activity 3 when I turn on my computer, ran a scan that found nothing, and wasn't notified by the tech monitors of anything, so I assumed everything was OK. Until yesterday, when I was told that the Barracuda Website Filtering had monitored me going to multiple adult content websites that I had never heard of or seen, for 1-4 or 5 min sessions. Some of the times I was out to lunch. The head of the tech department was called in as I was stating that it could be a virus, worm, anything that could have been running in the background. The tech expert said it's not true, you have to actually visit those pages; she said they can't run in the background.

 

 

Was it possible I was infected and was not caught? I did not go to those sites. Your thoughts.


Edited by HelpingHands, 11 September 2013 - 02:04 PM.




#2 quietman7


Posted 11 September 2013 - 08:10 PM

If the IT Dept was monitoring activity and websites visited by employees, they should have a record of the user login name and date/times this was done. Did they show you that information?

If your computer was shared by others, did each user have their own login account or was the same login information shared by everyone?

If everyone had their own login account, it's always possible someone logged in with your user account (if they had access to that info) and visited those prohibited sites. The problem then is proving that it was someone else.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
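
An added example, not part of any poster's reply and not vendor code: one way to use the "login name and date/times" records mentioned above is to line up flagged web-filter entries against the workstation's lock and unlock events. The filter-log layout, the user `jdoe` and all hosts are constructed for illustration; event IDs 4800 and 4801 are the Windows Security log entries for workstation locked and unlocked, which are only recorded when auditing of "Other Logon/Logoff Events" is enabled.

```python
from datetime import datetime

# Constructed samples. The filter-log layout (time,user,host,category) is a
# made-up export format for this example, not Barracuda's actual one.
FILTER_LOG = """\
2013-09-09 10:14:02,jdoe,intranet.example.com,business
2013-09-09 12:20:41,jdoe,site-a.example.net,adult
2013-09-09 14:05:33,jdoe,site-c.example.net,adult
2013-09-09 16:50:12,jdoe,site-d.example.net,adult
"""
# Windows Security log: 4800 = workstation locked, 4801 = workstation unlocked.
LOCK_EVENTS = """\
2013-09-09 12:01:15,4800
2013-09-09 13:02:48,4801
2013-09-09 16:45:00,4800
"""
FMT = "%Y-%m-%d %H:%M:%S"

def lock_intervals(text):
    """Pair each 4800 with the next 4801; an unmatched lock stays open-ended."""
    intervals, start = [], None
    for line in text.splitlines():
        stamp, event_id = line.split(",")
        when = datetime.strptime(stamp, FMT)
        if event_id == "4800" and start is None:
            start = when
        elif event_id == "4801" and start is not None:
            intervals.append((start, when))
            start = None
    if start is not None:
        intervals.append((start, datetime.max))
    return intervals

def classify(filter_log, lock_log, category="adult"):
    """Split flagged requests by whether the console was locked at that time."""
    intervals = lock_intervals(lock_log)
    result = {"locked": [], "unlocked": []}
    for line in filter_log.splitlines():
        stamp, user, host, cat = line.split(",")
        if cat != category:
            continue
        when = datetime.strptime(stamp, FMT)
        locked = any(a <= when < b for a, b in intervals)
        result["locked" if locked else "unlocked"].append((stamp, user, host))
    return result

if __name__ == "__main__":
    for state, rows in classify(FILTER_LOG, LOCK_EVENTS).items():
        print(state, [host for _, _, host in rows])
```

The split only says whether the console was locked when the filter logged each request; it does not identify what or who generated the traffic.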


#3 HelpingHands


Posted 11 September 2013 - 08:55 PM

Quietman... when I was out they used my information, which I cannot change. IT gives us our user names and passwords. The previous users' info was still on the computer; all they did was change the username and password. I never visited these sites. The computer I was using showed a red shield saying my computer may be at risk, but when you went to see if the virus protection was on, it was. This was confirmed by IT. Could this have compromised the safety of my computer?

#4 quietman7


Posted 11 September 2013 - 09:05 PM

Description
This signature detects attempts to download exploits from a malicious toolkit which may compromise a computer through various vendor vulnerabilities.

Additional Information
Malicious toolkits contain various exploits bundled into a single package. Victim on visiting the malicious server hosting exploit toolkit is attacked with several different exploits exploiting different vulnerabilities one by one. Exploits may include MDAC, PDF, HCP etc.

Web Attack: Exploit Kit Variant 3

#5 noknojon


Posted 11 September 2013 - 10:34 PM

Both are 2 more quotes from the Norton / Symantec site.

A web attack is a "driveby download attempt" that you would have encountered if you had browsed to a website that had been compromised. Did you get all three warnings at the same website? Were all three relatively close in time, or were they on different days? ....

Then there was a malicious script on the site that Norton blocked each time.  Your PC should be fine.
In brief, someone did visit the sites as they classify this as a "Drive-by" infection / attack -
 

The RED color is mine just to stress the points made.

 

Thank You -



#6 HelpingHands


Posted 12 September 2013 - 06:16 AM

Any site, just not those sites in particular. I do remember looking up information for work and it popping up when trying to go to some sites over the past few months. Haven't had this problem before. Only had one virus alert in the 2 years I have been there, and I know that URLs and cookies can be dropped in your history even if you have never been there. I've gotten suspicious activity messages when I cut my computer on at work. Run a scan, it says everything is fine. However, there is no way for us to determine if the Symantec used is current or is capable of handling what they do. They already use the free version of Malwarebytes on company computers and it's outdated.



#7 quietman7


Posted 12 September 2013 - 07:29 AM

Again, the problem is proving that it was someone else who visited these sites. The work environment is not a court of law so the burden of proof is going to rest on you.

#8 noknojon


Posted 12 September 2013 - 04:40 PM

"They already use the free version of Malwarebytes on company computers and it's outdated"

You should inform some person there that Malwarebytes Anti-Malware has not got a Free Version for use in business, so this is considered not legal ....

If any version is not updated daily it is considered "Out-dated" -





