Phishing & BotNets
Worm Origin Oct 23 2005 08:37AM
Joel A. Folkerts (jfolkert hiwaay net) (3 replies)

A user admitted to a confidential source she released a virus on her small
LAN. Before I was able to seize and image the user's machine, a local
sysadmin scanned the small LAN with NAV and found several machines were
infected with W32.Korgo.X
). We subsequently seized and imaged the machine found where NAV has
quarantined the virus on the user's machine.

Is there a definitive method to determine if the user started the local
infection or was merely another victim in the infection. My theory is that
she downloaded the virus from a hack website and manually began the
infection. Any help would be greatly appreciated!


"Illegitimis non carborundum."
Latin translation: "Don't let the bastards grind you down."

[ reply ]
RE: Worm Origin Oct 23 2005 08:16PM
Omar A. Herrera (omar herrera oissg org)
Re: Worm Origin Oct 23 2005 04:35PM
crazy frog crazy frog (i m crazy frog gmail com)
Re: Worm Origin Oct 23 2005 02:39PM
Matteo G.P. Flora (lk lastknight com) (1 replies)
Re: Worm Origin Oct 26 2005 12:54PM
Marco Monicelli (marco monicelli marcegaglia com)


Privacy Statement
Copyright 2010, SecurityFocus