Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Need some advice for a new customer
From: Red Leg <redleg18 () gmail com>
Date: Mon, 13 Feb 2006 10:34:01 -0500

Hi all.

I have recently acquired a new customer who had a new version (dropped a new
exe file - one that hasn't been seen before they were infected - in the
system32 sub-directory) the sdbot worm blow through every machine on their
network. The worm is definitely one of the sdbot.worm.gen variants. And,
yes, the computer that held their customer credit card info was definitely
infected. The I.T. People at this firm failed to patch, or even have a plan
to patch the Windows OS.

Here's the question:

Should the company notify their customers of a POSSIBLE compromise of their
data? I have been trying to convince them that they should operate as though
the data is compromised. Is that the right position to take as a security

Thanks for your advice and time to think about this.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]