Full Disclosure
mailing list archives
Re: stupid question again
From: Tim <tim-security () sentinelchicken org>
Date: Fri, 11 Dec 2009 19:26:56 -0800
> I am so sorry. I just don't understand this. Computer is infected. User has
> DNS redirects to any and all sites for help. Why can't the good guys use some
> type of fast flux or URL obfuscation to hide help standalone software to
> download and use? You know, maybe I am just so damn ignorant that what I
> think is a simple idea to use for McAfee, F-Secure and such to offer help is
> why it's not used. I mean really, bad guys hide C&C and download servers
> through such means, why can't the good guys? Someone just get right down and
> explain this crap to me. I am so adamant that this type of idea, though not
> fully foolproof, can't work.

Hi RandallM,
The answer is: Once you're infected, you shouldn't be trying to clean
things. Reinstall.
Need files off of that box first? Mount the drive under another OS,
or better yet, use the sleuthkit to get them off.
cheers,
tim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/