Security Basics mailing list archives
Re: Analyzing Suspicious Attachment
From: "Dante Signal31" <dante.signal31 () gmail com>
Date: Fri, 18 Jan 2008 14:00:27 +0100
Hello Al,

I recommend this book to you: http://www.amazon.com/gp/product/0321240693

It's a great introduction to the topic of digital forensics. In fact, it has an entire chapter devoted to your specific question ("I have one of my hosts infected, how can I know if any damage has been done to my network?").

Regards,
Dante

2008/1/17, Al Cooper <cooper () hmcnetworks com>:
We had a user open a suspicious attachment. The attachment did not open, so she sent it to two of her colleagues. One of her colleagues was also unable to open the file, but the third person did successfully open the file. The attachment did not match the original email, and IT was eventually called a few hours later. The three computers have been removed from the network.

I have the attachment. It is a zip file. Inside the zip file is one .scr file. The antivirus (Symantec) did not catch anything when the file was opened. The email is an HTML email and there are pictures that can be downloaded.

Outside of the obvious policy and training issues, what is the best way to determine what, if any, damage has been done to the network? What tools do I need to analyze the attachment to see what it is and how it works?

Thanks for your help,