Security Incidents mailing list archives
RE: Possible Zombie/Bot?
From: admin () systemstates net
Date: Sat, 17 May 2008 01:10:07 -0700
Hi Tony, Never seen this before with a bot - would be worth running some of the rootkit checking programs (e.g. Rootkit Revealer - http://technet.microsoft.com/en-gb/sysinternals/bb897445.aspx) and having a look through the startup entries using HijackThis. Having said that, if it comes up 'clean', you still won't know for sure. It might be better to scrub the box and start again from known good backups. cheers, -- www.systemstates.net - penetration test / IDS / incident response -------- Original Message -------- Subject: Possible Zombie/Bot? From: "Tony Raboza" <tonyraboza () gmail com> Date: Mon, May 12, 2008 2:08 pm To: incidents () securityfocus com I'm thinking this might be a sign that this PC is part of a botnet? How can I be certain? And what kind of botnet/worm exhibit the behavior as above? Thank you very much. Sincerely, Tony
Current thread:
- Possible Zombie/Bot? Tony Raboza (May 12)
- Re: Possible Zombie/Bot? john lokka (May 13)
- <Possible follow-ups>
- RE: Possible Zombie/Bot? admin (May 19)
- Re: Possible Zombie/Bot? xelerated (May 19)