RE: ISA Server Crash

["JAVIER OTERO" <jotero () SMARTEKH com>]

If was WITTY you can use EASYRECOVER from ONTRACK, only the MBR was destroyed.
Remenber BACKUP.

Ing. Fco. Javier Otero De Alba
Diplomado en Seguridad Informática ITESM CEM 
ITStrap
Product Manager 
Neoteris 

5243-4782 al 84 Ext.300
México, D.F. 



-----Mensaje original-----
De: Jordan, Jason D. "Dallas" [mailto:Jason.Jordan () honeywell-tsi com]
Enviado el: Miércoles, 31 de Marzo de 2004 11:31 a.m.
Para: 'William Hays'; 'security-basics () securityfocus com'
Asunto: RE: ISA Server Crash


Sounds like it possibly could be the Witty worm.  It exploits Black Ice.  Maybe check this link out.  

http://securityresponse.symantec.com/avcenter/venc/data/w32.witty.worm.html


-----Original Message-----
From: William Hays [mailto:wjhays () sbcglobal net]
Sent: Tuesday, March 30, 2004 10:14 PM
To: Focus-MS Security List
Subject: ISA Server Crash


NEED HELP!!!!!!!!!!

Late last week my ISA Server crashed, it's running Windows 2000 Server
with ISA Server 2000 w/all SP's applied.  It also runs Surf Control and
Black Ice.

What makes this so urgent is that upon investigation immediately after
the crash I found that the C:\ partition (active O/S partition) was
somehow or another formatted.  What makes this even stranger is that the
system was up and running when this happened.  I know this because the
mirrored drive also was formatted.

Can anyone please shed some light on how this could have possibly
happened?  My bosses are wanting answers and I don't have any clues.
Can't figure it out, PLEASE HELP!!!!!!!

Thanks,
Bill


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, 
wireless security

Protect your network against hackers, viruses, spam and other risks with 
Astaro Security Linux, the comprehensive security solution that combines six 
applications in one software solution for ease of use and lower total cost 
of ownership. 

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_focus-ms_040301
---------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------