Network Security: Detailed info on Re: Shutdown from NT-AUTHORITY\... = virus/attack?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Virus

[Top] [All Lists]

Re: Shutdown from NT-AUTHORITY\... = virus/attack?

from [Nick FitzGerald] Network Security

[Permanent Link]

Subject:	Re: Shutdown from NT-AUTHORITY\... = virus/attack?
Date:	Thu, 09 Sep 2004 21:57:17 +1200

Ansgar -59cobalt- Wiechers to me:

_How_ will he stay connected to WindowsUpdate, etc long enough to
download the necessary patches if his machine is connected to a LAN, or
straight to the Internet, where LSASS-exploiting malware is running
rife?


http://www.ntsvcfg.de/ntsvcfg_eng.html


Brilliant -- most useful link I've seen ages.

I always liked (and still do!) the technical description of resolving 
most of this stuff at:

   http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html.en

But for those who don't care about such details (or don't have the time 
to deal with each system service-by-service and port-by-port, this 
"canned" approach is great.

Of course, getting back to the my question, the original victim here 
would still be no better off if he were on a badly infested network and 
did not know the precise location of that URL...    8-)


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Shutdown from NT-AUTHORITY\... = virus/attack?, Peter Nabbefeld AW: Shutdown from NT-AUTHORITY\... = virus/attack?, Mike Aretz RE: Shutdown from NT-AUTHORITY\... = virus/attack?, Benjamin Cerny RE: Shutdown from NT-AUTHORITY\... = virus/attack?, Philip Wagenaar RE: Shutdown from NT-AUTHORITY\... = virus/attack?, Arndt . WA RE: Shutdown from NT-AUTHORITY\... = virus/attack?, McDonald, Gray RE: Shutdown from NT-AUTHORITY\... = virus/attack?, Nick FitzGerald Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Ansgar -59cobalt- Wiechers Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Nick FitzGerald <= Message not available Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Ansgar -59cobalt- Wiechers RE: Shutdown from NT-AUTHORITY\... = virus/attack?, Matthew.van.Eerde RE: Shutdown from NT-AUTHORITY\... = virus/attack?, Dan Denton RE: Shutdown from NT-AUTHORITY\... = virus/attack?, Nick FitzGerald Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Bruce Martins Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Ansgar -59cobalt- Wiechers Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Bruce Martins Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Larry Mitchell Re: Shutdown from NT-AUTHORITY\... = virus/attack?, James E. Bunting Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Larry Mitchell

Previous by Date:	RE: Shutdown from NT-AUTHORITY\... = virus/attack?, Matthew.van.Eerde
Next by Date:	RE: svcnxp32.exe ring a bell with anyone?, Jes
Previous by Thread:	Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Ansgar -59cobalt- Wiechers
Next by Thread:	Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Ansgar -59cobalt- Wiechers
Indexes:	[Date] [Thread] [Top] [All Lists]