Network Security Focus-Virus

Re: Shutdown from NT-AUTHORITY\... = virus/attack?

Subject: Re: Shutdown from NT-AUTHORITY\... = virus/attack?
Date: Tue, 14 Sep 2004 09:39:34 -0400
Actually in his case no one would have enough time to use the back door, so he 
would be able to remove it offline and using tools like Stinger from McAfee or 
manually removing, not saying he shouldn't format reinstall but they may want 
to get some things off of the computer before doing so.

Bruce Martins 
Systems Administrator
EXTEND>>MEDIA
190 Liberty Street
Toronto, Ontario
M6K 3L5
_________________________
e :  bmartins@extend.com
t :  (416) 535-4222, ext 2307
f :  (416) 535-1201 
http://www.extend.com

--------------------------
Sent from my BlackBerry Wireless Handheld


-----Original Message-----
From: Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net>
To: focus-virus@securityfocus.com <focus-virus@securityfocus.com>
Sent: Sat Sep 11 01:12:36 2004
Subject: Re: Shutdown from NT-AUTHORITY\... = virus/attack?

On 2004-09-10 Bruce Martins wrote:
> Would not running the command shutdown -A not stop the countdown?

Yes.

> Allowing him to install the patches or figure out what is going on?
> And remove any malicious programs

No.

Blaster, Sasser and their like come with backdoors. How will the user
make sure that no one/nothing had used this backdoor to install other
malware?

Once a box gets compromised the only responsible solution is rebuilding
it. Of course one would not want to use any binary (like hotfixes) from
an infected box, until the binary's integrity has been proved thru a
checksum, MD5 hash or something like that. Leaving you where you
started.

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
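
The integrity check discussed in the thread, as an added example that is not part of the original messages: files salvaged from a compromised machine are compared against a manifest of known-good digests. It assumes the manifest was obtained from a trusted source and that the check runs on a clean system; SHA-256 is used here in place of the MD5 mentioned above, and the file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path, algo="sha256", chunk=1 << 20):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        # Stream in chunks so large installers are not read into memory at once.
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  <file name>'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, name = line.split(None, 1)
            entries[name.lstrip("*")] = digest.lower()
    return entries

def verify_salvaged(directory, manifest_text, algo="sha256"):
    """Map each file name to ok, MISMATCH, MISSING or UNLISTED."""
    expected = parse_manifest(manifest_text)
    results = {}
    for name, want in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "MISSING"
        else:
            results[name] = "ok" if file_digest(path, algo) == want else "MISMATCH"
    # Files nobody vouches for are as untrusted as files that fail the check.
    for path in Path(directory).iterdir():
        if path.is_file() and path.name not in expected:
            results[path.name] = "UNLISTED"
    return results

def demo():
    good = b"constructed hotfix payload"  # all sample data here is constructed
    manifest = "\n".join([
        hashlib.sha256(good).hexdigest() + "  hotfix-a.exe",
        hashlib.sha256(b"vendor original").hexdigest() + "  hotfix-b.exe",
        hashlib.sha256(b"never copied").hexdigest() + "  hotfix-c.exe"])
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "hotfix-a.exe").write_bytes(good)
        (Path(d) / "hotfix-b.exe").write_bytes(b"altered on the infected box")
        (Path(d) / "extra.exe").write_bytes(b"unknown origin")
        return verify_salvaged(d, manifest)
```

Only files reported as `ok` have been shown to match the reference copy; a manifest stored on the compromised machine itself proves nothing.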

