Security Basics mailing list archives

Re: Analyzing Suspicious Attachment

From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Thu, 17 Jan 2008 09:53:02 -0800

Outside of the obvious policy and training issues, what is the best way to
determine what if any damage has been done to the network?  What tools do I
need to analysis the attachment to see what it is and how it works?


i would backup just the "data" files from the computers, re-image the
machine, and then restore the data files.

you can never fully determine the extent of the damage, so it is
better to re-image the machine.....

saqib
http://www.quantumcrypto.de/dante/

Current thread:

RE: Remote desktop access policy, (continued)
- - - RE: Remote desktop access policy Petter Bruland (Jan 18)
    - AW: Remote desktop access policy Johannes Lemmerer (Jan 18)
    - Re: Remote desktop access policy Josh Haft (Jan 18)
    - Re: Remote desktop access policy The Security Community (Jan 18)
    - Re: Remote desktop access policy Kurt Buff (Jan 19)
    - Re: Remote desktop access policy WALI (Jan 21)
    - Re: Remote desktop access policy Kurt Buff (Jan 21)
    - Re: Remote desktop access policy Gleb Paharenko (Jan 18)
    - Re: Remote desktop access policy Kurt Buff (Jan 19)
- Re: Analyzing Suspicious Attachment Geoffrey Gowey (Jan 17)
- Re: Analyzing Suspicious Attachment Ali, Saqib (Jan 17)
  - Re: Analyzing Suspicious Attachment brian . bevers (Jan 17)
- RE: Analyzing Suspicious Attachment Nick Vaernhoej (Jan 17)
- RE: Analyzing Suspicious Attachment Timmothy Lester (Jan 17)
  - RE: Analyzing Suspicious Attachment Richard Golodner (Jan 18)
    - Re: Analyzing Suspicious Attachment Josh Haft (Jan 18)
    - RE: Analyzing Suspicious Attachment Petter Bruland (Jan 18)
    - Re: Analyzing Suspicious Attachment Lee Hinman (Jan 18)
    - Re: Analyzing Suspicious Attachment Ansgar -59cobalt- Wiechers (Jan 18)
- Re: Analyzing Suspicious Attachment Dante Signal31 (Jan 18)
- Re: Analyzing Suspicious Attachment zenmasterbob123 (Jan 17)