- The Windows 2000\XP\.NET Resource Index

Last Updated December 10, 2003



Preventing and Containing Virus Outbreaks

Where to Start...

Are You Infected? Detecting Malware Infection
Once executed, malware can perform its intended malicious function on a system. Unfortunately, it may not always be apparent to users that their system is indeed infected. This article will discuss how to determine whether or not the system has been infected and will offer some tips on how to manually disinfect the system. Source: (Feb 2003)

Behavioral rules vs. signatures: Which should you use?
Many security products on the market today detect malicious attacks, but few take action to prevent them. Even more confusing for IT and security professionals is the debate over the best way to detect and prevent hacking activity: signatures or behavioral rules. Each approach has advantages and disadvantages, but by combining the two, enterprises can ensure that servers and data are fully protected. Source: ComputerWorld (Feb 2003)

Combating non-viral malware
Most people assume that AntiVirus software protects us from malicious code, and, by and large, it does. But there's a huge category of unwanted code, against which it is powerless: nonreproducing malware. Overburdened IT security departments may consider these threats insignificant compared to other priorities. But the problem of nonviral malware is growing, and defending against it is a nontrivial task. Source: InfoSecurity Magazine (May 2002)

Computer virus prevention: a primer
This white paper describes the current virus situation, common virus entry points, procedures for preventing infection, types of anti-virus software, deployment and administration of anti-virus software, and measures for recovering from a virus attack. Source: (Aug 2000)

Content Scanning and User Education Help Reduce Virus Risks
If last week's ILOVEYOU virus caused your company major problems, read Jerry Cochran's advice on how you can prepare your systems for future similar attacks. Source: Windows & .NET Magazine (May 2000)

Dangerous E-Mail: Return to Sender
How active content made the Melissa virus and the ExploreZip worm possible. Source: Network Magazine (Sept 1999)

Detecting and Removing Trojans and Malicious Code from Win2K
The amount of malicious code directed at Windows systems seems to be increasing on a continual curve. The purpose of this article is to recommend steps that an administrator can use to determine whether or not a Win2K system has been infected with malicious code or "malware" and, if so, to remove it. Source: (Sept 2002)

Do look this gift horse in the mouth NEW!
Trojan horse programs masquerade as harmless applications, concealing their destructive power. Doug Schweitzer offers advice on how to protect your computer and what to do if you're attacked. Source: ComputerWorld (March 17, 2003)

Email security
This white paper provides useful background information on email security issues. It will help you examine the security threats facing your corporate email system and determine what kind of email security solution your company needs. Source:

Gaining Insight from the Melissa Virus White Paper
Download this 352 KB document from the Microsoft Personal Online Support site to review a multi-tier, seven-step approach for reducing the risk of data loss and business disruption in the event of a virus attack. The material for this document is based on lessons learned from the Melissa virus.

How to Determine if Back Orifice 2000 Is Installed On Your System
Microsoft Knowledge Base Article: 237280 - This article describes how to determine if the third-party Back Orifice 2000 software (sometimes known as a virus) is installed on your computer.

How to bamboozle a woozle
Network managers could be facing a new security nightmare because of crackers' new network entrance, a special cookie that silently taps data through the internet port. The information it seeks can range from a simple inventory of applications to a list of user identifications and passwords. Source: Vnunet (March 24, 2001)

HOW TO: Configure Your Windows 2000 Server-Based Computer for Daily Virus Checks 
Microsoft Knowledge Base Article: 298034 - This article describes a step-by-step procedure that you can use to configure your Windows 2000 Server-based computer for daily virus checks. 

How ISA Server Can Be Configured to Help Prevent the W32.Slammer Worm
This document discusses how Slammer spreads, where to find links to more details about patching your servers, what ISA Server can do to help prevent Slammer, and where to go for more information. Slammer targets computers running Microsoft SQL Server 2000, and computers running Microsoft Desktop Engine (MSDE) 2000. The worm sends 376 bytes to UDP port 1434, the SQL Server Resolution Service Port. This large number of packets results in a Denial of Service attack. The worm only spreads as an in-memory process: it never writes itself to the hard drive. Source:

How to Protect Boot Sector from Viruses in Windows NT/2000
Microsoft Knowledge Base Article: 122221 - When you start your computer with a floppy disk that is infected with a virus, Windows NT is not capable of detecting it, which is true with many operating systems. Some viruses, such as the FORMS virus, may infect the boot sector of your hard drive.

IBM Corporate Checklist 
This checklist is for use handling a confirmed virus incident in a company setting. It will help you handle a virus outbreak. Make a copy of it and take it with you as you work on the incident.

INFO: Use Antivirus Software Before You Install Windows XP 
Microsoft Knowledge Base Article: 317321 - Microsoft highly recommends that you use antivirus software before you upgrade your operating system to Windows XP. Antivirus software scans your computer to detect and to fix computer viruses. By taking these preventive measures, you can avoid virus-related problems during your Windows XP upgrade. This article describes how antivirus software works and includes links to the Web sites of antivirus software vendors. 

Java Security FAQ
Java can be a useful tool, but can also be used to write malicious applets that can wreak havoc. This FAQ by Sun Microsystems should clear up some of the major issues.

Managing the virus threat
How do you keep all those antivirus programs updated across thousands of desktops? There's no easy way, security managers say, which leaves them scrambling -- and users vulnerable. Source: ComputerWorld (May 2001)

Preventing and Detecting Malware Installations on NT/2K NEW! 
This article addresses actions that NT/2K administrators can take to prevent and detect malware (malicious software) installations on their systems. By taking advantage of the inherent capabilities of the operating system itself, administrators can prevent or significantly hamper malware installations, and detect when such installations occur. Source:

Protecting your network against email threats: How to block email viruses and attacks
This white paper describes various methods used by email viruses and worms to penetrate a protected network. Such methods include attachment files containing harmful code, social engineering attacks, crafted MIME headers, malicious use of JavaScript and similar technologies. A URL is provided where you can test whether your email system is vulnerable to threats like these. Source:

Stopping Infection: An AntiVirus Tutorial Part 1
A decent primer by Diane E Levine, President of Strategic Systems Management, from Planet IT September 1999. Part 2 is here

Strategies & Issues: Thwarting Insider Attacks
Many organizations fail to adequately protect against internal threats, often with calamitous consequences. Here are some chilling numbers to help illustrate the problem: According to InterGov, an international organization that works with police agencies to combat cyber crime, insiders commit about 80 percent of all computer- and Internet-related crime, and these crimes cause an average loss of about $110,000 per corporate victim. Source: Network Magazine (Sept 2002)

The Evolution of 32-Bit Windows Viruses
The world of computer antivirus research has changed drastically since the introduction of Windows 95. One reason for this change is that certain DOS-based viruses that used stealth techniques and undocumented DOS features became incompatible with Win95. As a result, virus writers took on the challenge of investigating the new OS and began creating new Win95-compatible DOS-executable viruses and boot viruses. Source: Windows & .NET Magazine (July 2000)

The Evolution of Malicious Agents
This paper examines the evolution of malicious agents by analyzing features and limitations of popular viruses, worms, and trojans, detailing the possibility of a new breed of malicious agents currently being developed on the Internet. Source: SecurityPortal (April 2000)

Understanding Virus Behavior in the Windows NT Environment 
A must read article from Symantec

Why anti-virus software is not enough: The urgent need for server-based email content checking
This white paper explains why anti-virus software alone is not enough to protect your organization against the current and future onslaught of computer viruses. Examining the different kinds of email attacks that threaten today's organizations, this paper describes the need for a solid server-based content-checking solution to safeguard your business against email viruses and attacks. Source:

Windows Root Kits a Stealthy Threat
Hackers are using vastly more sophisticated techniques to secretly control the machines they've cracked, and experts say it's just the beginning. Also known as "kernel mode Trojans," root kits are far more sophisticated than the usual batch of Windows backdoor programs that irk network administrators today. In contrast, a root kit hooks itself into the operating system's Application Program Interface (API), where it intercepts the system calls that other programs use to perform basic functions, like accessing files on the computer's hard drive. The root kit is the man-in-the-middle, squatting between the operating system and the programs that rely on it, deciding what those programs can see and do. Source:



Entire contents
© 1999-2003 and TechTarget
All rights reserved
