Full Disclosure mailing list archives
I Got Hacked. Now What Do I Do?
From: "A.H." <adolfohermosin () yahoo es>
Date: Wed, 19 May 2004 14:11:44 +0200
By Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I Security Program Manager Microsoft Corporation:
You can’t clean a compromised system by using some “vulnerability remover.” Let’s say you had a system hit by Blaster. A number of vendors (including Microsoft) published vulnerability removers for Blaster. Can you trust a system that had Blaster after the tool is run? I wouldn’t. If the system was vulnerable to Blaster, it was alsovulnerable to a number of other attacks. Can you guarantee that none of those have been run against it? I didn’t think so.
You can’t trust any data copied from a compromised system. Once an attacker gets into a system, all the data on it may be modified. In the best-case scenario, copying data off a compromised system and putting it on a clean system will give you potentially untrustworthy data. In the worst-case scenario, you may actually have copied a back door hidden in the data.
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx http://www.vsantivirus.com/derribar-reconstruir.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- I Got Hacked. Now What Do I Do? A.H. (May 19)
- Re: I Got Hacked. Now What Do I Do? Troels Bay (May 19)
- Re: I Got Hacked. Now What Do I Do? Paul Fraser (May 19)
- Re: I Got Hacked. Now What Do I Do? Dave Howe (May 19)
- Re: I Got Hacked. Now What Do I Do? Troels Bay (May 19)
- Re: I Got Hacked. Now What Do I Do? Harlan Carvey (May 19)
- <Possible follow-ups>
- Re: I Got Hacked. Now What Do I Do? A.H. (May 19)
- Re: I Got Hacked. Now What Do I Do? Troels Bay (May 19)