Security Incidents mailing list archives

RE: Possible Zombie/Bot?

From: admin () systemstates net
Date: Sat, 17 May 2008 01:10:07 -0700

Hi Tony,

Never seen this before with a bot - would be worth running some of the
rootkit checking programs (e.g. Rootkit Revealer -
http://technet.microsoft.com/en-gb/sysinternals/bb897445.aspx) and
having a look through the startup entries using HijackThis.

Having said that, if it comes up 'clean', you still won't know for sure.
It might be better to scrub the box and start again from known good
backups.

cheers,

-- 
www.systemstates.net - penetration test / IDS / incident response



-------- Original Message --------
Subject: Possible Zombie/Bot?
From: "Tony Raboza" <tonyraboza () gmail com>
Date: Mon, May 12, 2008 2:08 pm
To: incidents () securityfocus com


I'm thinking this might be a sign that this PC is part of a botnet?
How can I be certain? And what kind of botnet/worm exhibit the
behavior as above?

Thank you very much.



Sincerely,
Tony

Current thread:

Possible Zombie/Bot? Tony Raboza (May 12)
- Re: Possible Zombie/Bot? john lokka (May 13)
- <Possible follow-ups>
- RE: Possible Zombie/Bot? admin (May 19)
  - Re: Possible Zombie/Bot? xelerated (May 19)