Security Basics mailing list archives
RE: Best way to look for Worms/Malware
From: "Sachin Chadha" <sachin.chadha () aksitservices co in>
Date: Wed, 15 Sep 2010 10:05:22 +0530
Well I am writing paper on it.. just to give you are brief : Look for suspicious files in local drives ( C, D, E etc) Look for suspicious files in Windows, system 32 and in Temp Directory (if you find any try to Google) Run TCPView and process explorer and try to find malware Check autorun (msconfig, msinfo32) If the malware is known, you can find the location in the registry Check DNS entry ( ipconfig /displaydns), usually Trojans they will try to make remote connection Close all you applications and run wireshark to see what is going out from you card Go to command prompt and check for hidden files in local drive (dir /ah), also try attrib command Can also try Procmon from sysinternal, really very effective tool to find a malware Regards Sachin Chadha Information Security Consultant -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Henri Salo Sent: Tuesday, September 14, 2010 12:59 AM To: Todd Haverkos Cc: dhamm () cinci rr com; security-basics () securityfocus com Subject: Re: Best way to look for Worms/Malware -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 11 Sep 2010 10:34:51 -0500 Todd Haverkos <infosec () haverkos com> wrote:
Henri Salo <henri () nerv fi> writes:On Mon, 8 Feb 2010 11:52:34 -0700 dhamm () cinci rr com wrote:While this might be a question for the IDS mailing list, I think it is a good Security Basics question too, as I am sure many of us getting into Security will have a similar question. I have a client that wants to get an idea whether or not there is anything roaming on the background on the network. He is running on an older non managed switch network, and wants to know what would be a good way to set up some kind of detector, besides having patching and anti virus. So my question is, should he setup an IDS of some kind, preferably something that can be setup quickly, with the understanding that he wants to setup a more permanent IDS solution in the near future. Or should he do some sort of IDS/Honeypot combination? Any suggestions would be appreciated. Thanks, David HammMy sugestions: nmap, snort and nepenthes http://nmap.org/ http://www.snort.org/ http://nepenthes.carnivore.it/Snort is a very good suggestion. He'll need to get all network traffic to it, however, so his existing switch may not have a span port.
One can also configure IDS/IPS using pass-trough network-card or just configure it to be middle of the traffic as bridge. Best regards, Henri -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkyOe3gACgkQXf6hBi6kbk+2+gCfSDV5M5mHiHpFRkHE/q3HAHfE huoAnR5lNFLkuN7FHrLwRoYElynfRXZe =nbh3 -----END PGP SIGNATURE----- ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Best way to look for Worms/Malware dhamm (Sep 10)
- Re: Best way to look for Worms/Malware Henri Salo (Sep 10)
- Re: Best way to look for Worms/Malware Todd Haverkos (Sep 13)
- Re: Best way to look for Worms/Malware Henri Salo (Sep 14)
- RE: Best way to look for Worms/Malware Sachin Chadha (Sep 15)
- Re: Best way to look for Worms/Malware Todd Haverkos (Sep 13)
- Re: Best way to look for Worms/Malware Henri Salo (Sep 10)