Security Incidents mailing list archives
Re: They got me!!!
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 5 Apr 2006 23:26:28 -0600
On 4/5/06, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa () pacbell net> wrote:
Before you do the proper thing and flatten it and reinstall from trusted sources..ask yourself your real intrusion points.... if the computer was merely "on", "people" should be able to get on the box without a. a backdoor implanted on their first probably by your teenagers surfing and downloading free software
You should verify this is the way they got in; you can do that by checking their browsing history and reviewing the event log for newly installed applications. Also, if you have the file that is infected, you can check the creation date, then search for other files modified in that time. Verify that your files haven't been touched. Scan your critical docs/apps to see what the last accessed time is and compare that to the timestamp on the backdoor.

The problem with forensics is that you have to have a plan in hand when you start the investigation. Performing a full scan with Symantec will change the last accessed time, and you probably already deleted the backdoor, so it may be really hard to find out what was done to your system. If this is true, you should take only txt files and wipe and reload the machine.

Also try NOD32 rather than Symantec for AV. It is a lot harder to beat.

-JP
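The timestamp comparison JP describes, as an added example that is not part of the original thread: a Python sweep that lists files written within an hour of the suspect file's timestamp and files read after it, with the same caveat that an AV full scan rewrites every last-accessed time. The directory tree, file names and timestamps are constructed inline for the demo, and mtime stands in for the Windows creation time the post refers to.

```python
import os
import tempfile

def stat_tree(root):
    """Yield (path, mtime, atime) for every file under root, skipping unreadable ones."""
    for dirpath, _, names in os.walk(root):
        for n in names:
            p = os.path.join(dirpath, n)
            try:
                st = os.stat(p, follow_symlinks=False)
            except OSError:
                continue
            yield p, st.st_mtime, st.st_atime

def timeline_window(root, anchor, before=3600, after=3600):
    """Files written within [anchor-before, anchor+after] seconds, oldest first;
    anchor is the suspect file's mtime (on Windows, its creation time is better)."""
    lo, hi = anchor - before, anchor + after
    return sorted((f for f in stat_tree(root) if lo <= f[1] <= hi), key=lambda f: f[1])

def accessed_after(root, anchor):
    """Files read after the anchor and not rewritten since (what the intruder may
    have looked at); worthless once an AV full scan has rewritten every atime."""
    return sorted((f for f in stat_tree(root) if f[2] > anchor and f[2] > f[1]),
                  key=lambda f: f[2])

def make_constructed_tree(root):
    """Constructed sample, not a real incident: a 'backdoor', a file written two
    minutes later, and two documents, one of them read after the backdoor appeared."""
    anchor = 1_144_281_600.0  # 2006-04-06 00:00:00 UTC (constructed)
    spec = {  # name: (mtime, atime)
        "backdoor.exe": (anchor, anchor),
        "svc.ini": (anchor + 120, anchor + 120),
        "payroll.xls": (anchor - 30 * 86400, anchor + 600),
        "notes.txt": (anchor - 60 * 86400, anchor - 5 * 86400),
    }
    for name, (m, a) in spec.items():
        p = os.path.join(root, name)
        with open(p, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(p, (a, m))  # os.utime takes (atime, mtime)
    return anchor

def run_demo():
    """Build the sample tree; return (written in window, read afterwards) by name."""
    with tempfile.TemporaryDirectory() as root:
        anchor = make_constructed_tree(root)
        written = [os.path.basename(f[0]) for f in timeline_window(root, anchor)]
        read = [os.path.basename(f[0]) for f in accessed_after(root, anchor)]
    return written, read  # (['backdoor.exe', 'svc.ini'], ['payroll.xls'])
```

On a real box, run it against a copy or read-only mount and before any scan, since reading the files yourself is exactly the atime damage the post warns about.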