Hi people,
At our company we have been experiencing some very odd problems recently. All of our desktops (approx 70) are protected by Panda (latest adminsecure/clientshield combo) and all our laptops (10) are protected by Avast.
This week we had an outbreak of sdbot on the desktops and a few occurences of sasser and something called trojan.gen on the laptops. How these got past avast/panda is a bit odd. We have also been having network problems. Specifically a whole lot of what appears to be random port scanning on ports we would not normally use. We are positive this is coming from somewhere internally and have gone to the extent of moving down to only using one switch with no access to the outside world....ie turned off the router! we have also cut off every machine and brought them on one by one to try and catch the wee blighter but as we discovered it does not start straight away all the time and so were unable to identify the host machine.
Does anybody have any suggestions of where/how to catch and stop this activity.....if it is not a variant of stumbler...anyone have any other thoughts?
Any help is much appreciated.
Thanks.
Chris