Incidents
RE: Possible Zombie/Bot? May 17 2008 08:10AM
admin systemstates net (1 replies)
Re: Possible Zombie/Bot? May 19 2008 04:38PM
xelerated (xelerated gmail com)
Does anyone know which infection always has the NICK set to start with
a carat ^?

Thanks!

On Sat, May 17, 2008 at 4:10 AM, <admin (at) systemstates (dot) net [email concealed]> wrote:
>
> Hi Tony,
>
> Never seen this before with a bot - would be worth running some of the
> rootkit checking programs (e.g. Rootkit Revealer -
> http://technet.microsoft.com/en-gb/sysinternals/bb897445.aspx) and
> having a look through the startup entries using HijackThis.
>
> Having said that, if it comes up 'clean', you still won't know for sure.
> It might be better to scrub the box and start again from known good
> backups.
>
> cheers,
>
> --
> www.systemstates.net - penetration test / IDS / incident response
>
>
>
> -------- Original Message --------
> Subject: Possible Zombie/Bot?
> From: "Tony Raboza" <tonyraboza (at) gmail (dot) com [email concealed]>
> Date: Mon, May 12, 2008 2:08 pm
> To: incidents (at) securityfocus (dot) com [email concealed]
>
>
> I'm thinking this might be a sign that this PC is part of a botnet?
> How can I be certain? And what kind of botnet/worm exhibit the
> behavior as above?
>
> Thank you very much.
>
>
>
> Sincerely,
> Tony
>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus