Security Incidents mailing list archives

RE: Strange servicepack.exe file (not service.exe) found.


From: Harlan Carvey <keydet89 () yahoo com>
Date: Wed, 17 Dec 2003 11:17:53 -0800 (PST)

James,

How fun is this, though - Symantec's response today
says the file contains
no malicious code. So nothing ever happened on the
machine that had to be rebuilt. Hmmmm.

From what I've seen (online, in courses, at work, etc)
this seems to be indicative of the state of incident
response in the Windows world.  Rather than developing
a methodology, or employing one of the many that are
already available, most organizations seem to prefer
to sink time and effort into rebuilding systems...even
if it may ultimately prove unnecessary.
  
Of course the servicepack.exe file could have been a
downloaded byproduct of
another infection on the affected machine.

May have been...but one will never know.  And if there
had been an "infection", it may have been something as
innocuous as simple spyware, rather than a worm
infection or a full out compromise.

Harlan

