On Fri, 14 Dec 2012 16:16:42 +0000
"Edward Ned Harvey (blu)" <blu at nedharvey.com> wrote:

> norton/eset/mcafee/microsoft. It cleans, it passes the tests, and
> two weeks later, that machine is infected again, but nobody else on
> the network has the infection. Reformat once, and problem never
> comes back.

A while back we had a user's workstation infected with something, I don't remember exactly what. We wiped and reinstalled it (Windows XP), patched it to current, made sure that it was really clean based on load and network traffic (the malware had an identifiable traffic signature) and a scan with a Backtrack (IIRC) live CD.

It was reinfected two days later. So we went back and this time around we got lucky and found the root cause: a PDF mail attachment. The actual file was stored in the user's mailbox on the mail server so the wipe never got rid of the initial vector. Sure enough, as soon as the user opened up that PDF again his computer was reinfected.

At which point I swore at Adobe a lot.

--
Rich P.