Phishing & BotNets
Worm Origin Oct 23 2005 08:37AM
Joel A. Folkerts (jfolkert hiwaay net) (3 replies)

BACKGROUND
A user admitted to a confidential source she released a virus on her small
LAN. Before I was able to seize and image the user's machine, a local
sysadmin scanned the small LAN with NAV and found several machines were
infected with W32.Korgo.X
(http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.korgo.x.html).
We subsequently seized and imaged the machine found where NAV has
quarantined the virus on the user's machine.

QUESTION
Is there a definitive method to determine if the user started the local
infection or was merely another victim in the infection? My theory is that
she downloaded the virus from a hack website and manually began the
infection. Any help would be greatly appreciated!

-Joel

---
"Illegitimis non carborundum."
Latin translation: "Don't let the bastards grind you down."

RE: Worm Origin Oct 23 2005 08:16PM
Omar A. Herrera (omar herrera oissg org)
Re: Worm Origin Oct 23 2005 04:35PM
crazy frog crazy frog (i m crazy frog gmail com)
Re: Worm Origin Oct 23 2005 02:39PM
Matteo G.P. Flora (lk lastknight com) (1 replies)
Re: Worm Origin Oct 26 2005 12:54PM
Marco Monicelli (marco monicelli marcegaglia com)


 
