Zero-Day Malware Attacks


I will continue my common scenarios series with an article about zero-day malware. We have seen this several times in the past, and it affects the end user, the network itself and also the business.

The ways zero-day malware can reach you are many, and to be proactive on such an issue you have some options to protect your organization:

- One of them was covered in a previous article, Aggressive Malware Protection in Office 365.

- Soon, administrators will be able to block specific file types with just a check box. This is known as Common Attachment Blocking, and you will see it in the near future on your Office 365 tenant. I will come back with an article about it as soon as it reaches public availability.

So, coming back to the issue, let's see how you can react when it does happen.

Let's consider the following scenario: a customer experiences a zero-day issue that affects the entire environment, because the malware was sent to a distribution group. The local antivirus didn't catch the malware either. As there is no database scanning of malware files in Office 365, we will have to somehow get rid of these malicious files from the mailboxes. In this case, we would like to find a way to search all users' mailboxes for the malware-containing email received on the specific date(s) with a specific subject, and delete these emails from all mailboxes.

First, you need to be assigned the following management roles to search for and delete messages in users' mailboxes:

- Mailbox Search - This role allows you to search for messages across multiple mailboxes in your organization. Administrators aren't assigned this role by default. To assign yourself this role so that you can search mailboxes, add yourself as a member of the Discovery Management role group. See Assign eDiscovery permissions in Exchange.
- Mailbox Import Export - This role allows you to delete messages from a user's mailbox. By default, this role isn't assigned to any role group. To delete messages from users' mailboxes, you can add the Mailbox Import Export role to the Organization Management role group. For more information, see the "Add a role to a role group" section in Manage role groups.

Add-RoleGroupMember -Identity "Discovery Management" -Member mihac

Log out of PowerShell and back in; the Search-Mailbox cmdlet will now be available to you.

To search for messages and only log the search results (no deletion), run the following command:

Search-Mailbox -Identity "mailbox you are looking to search" -SearchQuery 'Subject:"Subject of the message"' -TargetMailbox administrator -TargetFolder "SearchAndDeleteLog" -LogOnly -LogLevel Full

NOTE: When you use the Search-Mailbox cmdlet with the DeleteContent switch, messages are permanently deleted from the source mailbox.

Search-Mailbox -Identity "mailbox you are looking to search" -SearchQuery 'Subject:"Subject of the message"' -DeleteContent

The command below deletes messages across all mailboxes based on a specific time frame and subject:

Get-Mailbox -ResultSize Unlimited | Search-Mailbox -SearchQuery '(received:07/21/2015..07/24/2015) AND (Subject:Subject of the message)' -DeleteContent -force

The following TechNet article provides additional information on hosted mailbox search: Search and delete messages.
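As an added example (not part of the original post), the cleanup below is scoped to the members of the distribution group that received the malware rather than to every mailbox, runs the log-only search first so the hits can be reviewed, and only then deletes from the mailboxes where the preview found matches. The group name, subject, date window and log mailbox are assumed placeholder values.

```powershell
# Added example, not from the original post. Placeholder values are assumptions.
$Group      = "All-Employees"      # assumed: distribution group that received the malware
$Subject    = "Invoice attached"   # assumed: subject of the malicious message
$Start      = "07/21/2015"         # assumed: first day the message was received
$End        = "07/24/2015"         # assumed: last day the message was received
$LogMailbox = "administrator"      # mailbox that receives the search log

# Same KQL shape as the post's query: received date range AND subject.
$Query = "(received:$Start..$End) AND (Subject:`"$Subject`")"

# 1. Resolve the group members to mailbox SMTP addresses.
#    -ResultSize Unlimited avoids the default cap; contacts and mail users are skipped.
$Members = Get-DistributionGroupMember -Identity $Group -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -like "*Mailbox" } |
    ForEach-Object { $_.PrimarySmtpAddress.ToString() }

# 2. Dry run: -LogOnly writes a report to the target folder and deletes nothing.
$Preview = foreach ($m in $Members) {
    Search-Mailbox -Identity $m -SearchQuery $Query -TargetMailbox $LogMailbox `
        -TargetFolder "SearchAndDeleteLog" -LogOnly -LogLevel Full
}

# Show which mailboxes actually hold matching messages before touching anything.
$Hits = $Preview | Where-Object { $_.ResultItemsCount -gt 0 }
$Hits | Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

# 3. Permanent deletion, limited to the mailboxes with hits.
#    -DeleteContent removes the messages from the source mailbox and cannot be undone.
foreach ($r in $Hits) {
    Search-Mailbox -Identity $r.Identity -SearchQuery $Query -DeleteContent -Force
}
```

Review the SearchAndDeleteLog report in the log mailbox between steps 2 and 3; if the subject is generic, tighten the query (for example by adding the sender) before running the deletion.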

Usually, new malware will be blocked within about 24 hours. Bear in mind that Office 365 uses three different engines, one of which is Microsoft's own. You can submit the malware to our AV analysts so that a signature is created for it, and you can also check on VirusTotal what the coverage of that particular file is across commercial AV engines with their latest updates.
Bear in mind that from the time a signature is deployed for that particular malware, it will take a couple of hours for the update to replicate to all Office 365 servers.