Full Disclosure mailing list archives
Re: stupid question again
From: Randall M <randallm () fidmail com>
Date: Fri, 11 Dec 2009 22:13:09 -0600
From: Randy
It's an iPhone Thang!

On Dec 11, 2009, at 9:26 PM, Tim <tim-security () sentinelchicken org> wrote:

> > I am so sorry. I just don't understand this. Computer is infected. User has DNS redirects to any and all sites for help. Why can't the good guys use some type of fast flux or url obfuscation to hide help standalone software to download and use?
> >
> > You know, maybe I am just so damn ignorant that what I think is a simple idea to use for McAfee, F-secure and such to offer help is why it's not used. I mean really, bad guys hide C&C and download server through such means, why can't the good guys? Someone just get right down and explain this crap to me. I am so adamant that this type of idea, though not fully foolproof, can't work.
>
> Hi RandallM,
>
> The answer is: Once you're infected, you shouldn't be trying to clean things. Reinstall. Need files off of that box first? Mount the drive under another OS, or better yet, use the sleuthkit to get them off.
>
> cheers,
> tim

Tim!!!!!!! NO!! Not the answer. Average user won't and don't know how and usually don't receive install disks.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/