Security

Why you should wipe the drive after a compromise

Submitted by
UnderAttack
UnderAttack writes "After a malware infection, or a compromise of the system in a more targeted attack, there is always a push to get "back into business" as quickly as possible. The malware artifact is quickly removed and the system is put back into service without too much scrutiny. Sadly, this way backdoors and other hidden gifts the attacker left behind are frequently overlooked. The result is that the system is compromised again quickly. The only real solution is wiping the drive and starting from scratch (and hoping that you have decent backups). This two-part series by Mark Baggett makes this point by outlining some of the tricks an attacker may use to hide backdoors and to have them automatically executed on a system. Part 1 talks about how to usurp the Windows Update process to reinstall malware, and Part 2 shows how to use the unescaped space bug and the service restart tool to get the malware to start."