Phishing & BotNets
Worm Origin Oct 23 2005 08:37AM
Joel A. Folkerts (jfolkert hiwaay net) (3 replies)
RE: Worm Origin Oct 23 2005 08:16PM
Omar A. Herrera (omar herrera oissg org)
Re: Worm Origin Oct 23 2005 04:35PM
crazy frog crazy frog (i m crazy frog gmail com)
hi,
try visiting histroy of her system(if not deleted).try determining the
sites may be you can get some clue there.another thing to look is
recent documents and all the histroy like run etc.also check
dwonlaoded files in the directories.
hopfully this can help you lil bit.
----
bam bam
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)

On 10/23/05, Joel A. Folkerts <jfolkert (at) hiwaay (dot) net [email concealed]> wrote:
> List:
>
> BACKGROUND
> A user admitted to a confidential source she released a virus on her small
> LAN. Before I was able to seize and image the user's machine, a local
> sysadmin scanned the small LAN with NAV and found several machines were
> infected with W32.Korgo.X
> (http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.korgo.x.
html
> ). We subsequently seized and imaged the machine found where NAV has
> quarantined the virus on the user's machine.
>
> QUESTION
> Is there a definitive method to determine if the user started the local
> infection or was merely another victim in the infection. My theory is that
> she downloaded the virus from a hack website and manually began the
> infection. Any help would be greatly appreciated!
>
> -Joel
>
> ---
> "Illegitimis non carborundum."
> Latin translation: "Don't let the bastards grind you down."
>
>

--

[ reply ]
Re: Worm Origin Oct 23 2005 02:39PM
Matteo G.P. Flora (lk lastknight com) (1 replies)
Re: Worm Origin Oct 26 2005 12:54PM
Marco Monicelli (marco monicelli marcegaglia com)


 

Privacy Statement
Copyright 2010, SecurityFocus