Network Security: Detailed info on Re: Hacked again???

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

Re: Hacked again???

from [Ansgar -59cobalt- Wiechers] Network Security

[Permanent Link]

Subject:	Re: Hacked again???
Date:	Mon, 27 Jun 2005 11:30:32 +0200

On 2005-06-21 Christoph 'knurd' Jeschke wrote:

Valentin Höbel schrieb:

so for the appearance of the process, he has to start the messenger
one time.


And the integrity of the msnmsgr.exe is important, too. Malware can
easily replace a existing msnmsgr.exe or simply create a new one at
another place (like Rbot did - especially if a user is over-
privileged.

To be sure, the OP should take sysinternals Process Explorer.


If he was using an overly privileged account that may not suffice, since
a rootkit may manipulate what Process Explorer gets to see. I would
recommend using RootkitRevealer in addition to Process Explorer. Even
better would be to boot some other system (Knoppix, BartPE, ... you name
it), get the checksum of the binaries in question and compare them to
the checksums on a known-good system.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Hacked again???, Mauricio Fernandez 答复: Hacked again???, Yu Haitao David Re: 答复: Hacked again???, Vijay Vikram Re: Hacked again???, Mark Bassett Re: Hacked again???, zilb Re: Hacked again???, Valentin Höbel Re: Hacked again???, Christoph 'knurd' Jeschke Re: Hacked again???, Ansgar -59cobalt- Wiechers <= Re: Hacked again???, Christoph 'knurd' Jeschke Re: Hacked again???, mod . sparda Re: Re: Hacked again???, s . omahony Re: Re: Hacked again???, Phil Cryer

Previous by Date:	RE: RE: Masters program for Information Security?, Vickers, Leonard J ERDC-ITL-VA
Next by Date:	Re: Nmap oprions, Jacob Bresciani
Previous by Thread:	Re: Hacked again???, Christoph 'knurd' Jeschke
Next by Thread:	Re: Hacked again???, Christoph 'knurd' Jeschke
Indexes:	[Date] [Thread] [Top] [All Lists]