I can't think of any more attack vectors on our workstations. We paid heck for everything: Windows, Corel, Adobe. For other programs we're using 7z for archives and SumatraPDF for the top dogs' e-paper if they want to view CAD drawings. Phones are never on the same network as the workstations; most phones are yellow-black screen or Symbian Nokias. The latest-tech lady is using a BlackBerry that only has EDGE broadband. Where do these virus things come from? Zero-days on a company that barely has 40 PCs? Or is it even possible from the router? We're still using the TP-Link from the ISP and it's really giving me paranoia seeing RCEs for routers, even though we're behind NAT. Or is it even possible the virus comes from DNS? Because my sysadmin guy just tells me that a few months ago we were redirected to a site when mistyping something in HTTP. The redirection page from the ISP contained JS-based ransomware that was poking a Baidu domain. After the DNS was changed to Google's DNS, the problem went away for a few weeks, but now it's back. No matter which DNS we use, we still get randomly redirected, or if the site is on HTTP it gets injected with ads from the ISP. How could this DNS fuckery be stopped? I also wish I could see what the users' PCs are trying to access in the web browser so I could notice if they "accidentally" poke Russian or Israeli sites and somehow take countermeasures. What kind of knowledge do I need for this monitoring thing?
Sorry, user, I was never that bright kid and I'm probably repeatedly using fucked keywords on the search engine, but I'm willing to read and learn for this sysadmin job.
The absolute state of Zig Forums. Filled with brainlets.
Your sysadmin guy is based. Also, you seem to be looking for pfSense, or if you have extra shekels, check ntop. Just get a mid-tier PC, slap 2 x gigabit LAN on it, and wire it in as if it's in the firewall's place. Use dnscrypt for that ad injection problem. Godspeed OP.
USB key. MS Office macros in the documents. Email clients that render HTML. Files in emails. 0days.
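The "mistyped name gets a landing page" symptom OP describes is a resolver rewriting NXDOMAIN answers. Once the firewall box above is the only resolver the LAN can reach, its query log both catches that rewriting and gives the per-PC view of what browsers are resolving. The script below is an added example, not code from anyone in this thread or from pfSense or dnscrypt: it assumes a resolver that logs queries and replies in a dnsmasq-like format (the regexes match the constructed sample lines, so adjust them for your resolver's real output), and it uses a name under the reserved `.invalid` TLD as a canary, since such a name must never resolve.

```python
"""Spot resolver hijacking and see which names each workstation asks for.

Added example, not from anyone in the thread. It assumes the firewall box
runs a resolver that logs queries and replies in the style of dnsmasq's
query log; the lines in SAMPLE_LOG are constructed for this demo.
"""
import re
from collections import defaultdict

# Names under .invalid are reserved (RFC 2606) and must never resolve, so a
# canary query for one is an offline-checkable truth: any resolver that
# answers it with an address is rewriting NXDOMAIN, ISP-style.
CANARY_SUFFIX = ".invalid"

# Assumed log format (dnsmasq-like); adapt to your resolver's real output.
QUERY_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)")
REPLY_RE = re.compile(r"reply (?P<name>\S+) is (?P<answer>\S+)")

# Constructed sample lines; not real traffic.
SAMPLE_LOG = """\
Jan 10 09:00:01 dnsmasq[812]: query[A] update.example.com from 192.168.1.21
Jan 10 09:00:01 dnsmasq[812]: reply update.example.com is 203.0.113.10
Jan 10 09:00:05 dnsmasq[812]: query[A] zq7x-canary.invalid from 192.168.1.21
Jan 10 09:00:05 dnsmasq[812]: reply zq7x-canary.invalid is 198.51.100.7
Jan 10 09:00:09 dnsmasq[812]: query[A] mail.example.net from 192.168.1.33
Jan 10 09:00:09 dnsmasq[812]: reply mail.example.net is NXDOMAIN
"""


def analyze(log_text, canary_suffix=CANARY_SUFFIX):
    """Return per-client query sets and any canary names that got an address."""
    by_client = defaultdict(set)
    hijacked = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            by_client[m["client"]].add(m["name"].lower())
            continue
        m = REPLY_RE.search(line)
        if m:
            name, answer = m["name"].lower(), m["answer"]
            # A canary that resolves to anything but NXDOMAIN is the smoking gun.
            if name.endswith(canary_suffix) and answer != "NXDOMAIN":
                hijacked.append((name, answer))
    return {
        "by_client": {c: sorted(names) for c, names in by_client.items()},
        "hijacked": hijacked,
    }


def report(result):
    """Plain-text summary for the admin reading the log."""
    lines = []
    for client, names in sorted(result["by_client"].items()):
        lines.append(f"{client} asked for: {', '.join(names)}")
    for name, answer in result["hijacked"]:
        lines.append(f"HIJACK: {name} should be NXDOMAIN but resolved to {answer}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(analyze(SAMPLE_LOG)))
```

Send the canary query from a scheduled task on one workstation and run this over the log periodically; the address it resolves to is the injecting resolver's landing page, which is what you block or take upstream to the ISP. The per-client listing is only complete if clients cannot reach other resolvers, so block outbound port 53 from the LAN at the firewall and let only the firewall box's resolver (over dnscrypt or DNS over HTTPS) talk to the outside.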
This.
Robert Allen
Go on youtube and paste the brand or model number of your router and then add the word "backdoor". librecmc.org
Blake Wright
Look up DNS over https.
Ethan Bell
I hope that you have backups too. Didn't see anything about that in your post, and those ransomwares can fuck things up if the computer it is on has access to network shares.
Julian Bennett
Yeah, that sysadmin should have made sure to set up automated backups instead of playing WoW
Joseph Walker
This, it's probably Office macros.
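Since two replies point at Office macros as the likely vector, here is a gateway-side check a defender can run over incoming attachments. It is an added example, not code from anyone in this thread: it inspects the zip-based Office formats for a `vbaProject.bin` part and flags the case where a file whose extension claims to be macro-free (`.docx`, `.xlsx`) still carries VBA. The sample documents are constructed in memory; legacy binary `.doc`/`.xls` files are only recognized by their OLE2 signature and marked for manual review, since parsing their macro streams needs a library outside the standard library.

```python
"""Flag Office attachments that carry a VBA project.

Added example, not from anyone in the thread. It checks the modern zip-based
Office formats (docx/xlsx/pptx and their macro-enabled -m siblings) for a
vbaProject.bin part; the sample documents are constructed in memory here.
"""
import io
import os
import zipfile

# Extensions that openly declare macro content.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm"}
VBA_PART = "vbaproject.bin"
# Signature of the legacy OLE2 compound file (.doc/.xls/.ppt).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def has_vba_project(data):
    """True if an OOXML zip contains a VBA project part at any depth.

    Raises zipfile.BadZipFile when the bytes are not a zip at all.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(name.lower().rsplit("/", 1)[-1] == VBA_PART
                   for name in zf.namelist())


def classify(filename, data):
    """Return 'legacy-ole', 'not-office', 'clean', 'macro' or 'mismatch'."""
    if data.startswith(OLE_MAGIC):
        # Old binary format: macros live in OLE streams, which needs a parser
        # such as oletools outside the stdlib; hand it to a human.
        return "legacy-ole"
    try:
        macro = has_vba_project(data)
    except zipfile.BadZipFile:
        return "not-office"
    if not macro:
        return "clean"
    ext = os.path.splitext(filename)[1].lower()
    if ext in MACRO_EXTENSIONS:
        return "macro"
    # VBA inside a file whose extension claims it is macro-free.
    return "mismatch"


def build_sample(with_macro):
    """Constructed minimal .docx-like zip for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for name, doc in [("report.docx", build_sample(False)),
                      ("invoice.docx", build_sample(True)),
                      ("tool.docm", build_sample(True))]:
        print(name, classify(name, doc))
```

A `mismatch` result is the one to quarantine outright; a `macro` result on a document from an outside sender is where an Office policy that blocks macros from the internet earns its keep, and `legacy-ole` attachments deserve the same suspicion until someone looks inside them.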
Chase Davis
Backups. There are also programs that keep an image of wingdings and every time you boot it restores to that image. Your sysadmin sounds baste despite playing shit games, and it could always be some super secret backdoor.
Bentley Perry
How do these systems not have any kind of protection against full filesystem overwrites? Would think that someone would have made that already, since a normal user overwriting the whole filesystem, even on the backup server, sure isn't something that should happen.
Leo Rodriguez
It really doesn't matter if the working system was corrupted by any means (user operating error, virus, hacker, hardware malfunction); everybody is supposed to have a formal data backup plan that's written down and that anybody (any trained administrator) can follow. OP's operation is shit because his company doesn't have a plan in operation, or otherwise OP can't access the backup plan.
Never had one of those ransomware things. But it sounds like a cool job; I guess I'll do that when I get PTSD from programming at some point.
Nathan Wilson
It's a program that generates and runs random code.
Eli Collins
That's called a browser.
Caleb Roberts
It's also possible that it's a PDF; Sumatra PDF extends the functionality of PDF a bit more than muPDF does (even if Sumatra uses muPDF). github.com/osnr/horrifying-pdf-experiments
This is possible too.
Topkek. It's possible that some ME vulnerability could have been used.
Brody Moore
Insecure, unreliable and slows down your PC; why would you use one? Just disable downloads in Firefox or something so that your retards can't download anything. Then they can't download viruses. You should always have a backup anyway. Sure dude. Make sure Windows is not set to automatically configure the DNS server. Reinstall to be safe.