Security Incidents: RE: Possible Zombie/Bot?

From: <admin_at_systemstates.net>
Date: Sat, 17 May 2008 01:10:07 -0700

Hi Tony,

Never seen this before with a bot - would be worth running some of the
rootkit checking programs (e.g. Rootkit Revealer -
http://technet.microsoft.com/en-gb/sysinternals/bb897445.aspx) and
having a look through the startup entries using HijackThis.

Having said that, if it comes up 'clean', you still won't know for sure.
It might be better to scrub the box and start again from known good
backups.

cheers,

-- 
www.systemstates.net - penetration test / IDS / incident response
-------- Original Message --------
Subject: Possible Zombie/Bot?
From: "Tony Raboza" <tonyraboza_at_gmail.com>
Date: Mon, May 12, 2008 2:08 pm
To: incidents_at_securityfocus.com

I'm thinking this might be a sign that this PC is part of a botnet?
How can I be certain? And what kind of botnet/worm exhibits the
behavior as above?
Thank you very much.
Sincerely,
Tony
Received on May 19 2008