Re: NT Partitions

Dave,

Agreed... something smells fishy here. The most important questions I would have are:

Who, if anyone, was responsible while you were away, and what is their level of expertise?

Who is telling you a virus is responsible, and what is their level of expertise? Did they even tell you which virus? Apparently not, or you wouldn't be asking this question. There's no way they can be sure it was a virus unless they ID'd it.

Is there anything left to do any analysis on, or did someone reinstall or restore everything onto the supposedly infected disk?

What sort of a system was this? Workstation, server...? Was anyone using it, or was it supposed to just do it's job until you got back without any interaction? Was it running anything that has been exploited recently? Was it exposed the the internet?

Dave

• Original Message ----- From: <mIbrahim@ma.panasonic.com.sg> To: "David Brown" <dave@mrbonzi.co.uk>; "De Velopment" <devel@www2.kparker.org> Cc: <focus-virus@securityfocus.com> Sent: Tuesday, May 13, 2003 5:42 PM Subject: Re: NT Partitions

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

>
> Hello David,
>
> Sometimes, we have to take the qualification of the person who claims "a
virus
> attack is an easy way to
"Format
> C" itself and didn't
Protection,
> you would probably need
determine
> what might includes analysing
<dave@mrbonzi.co.uk>
> arker.org> cc:
focus-virus@securityfocus.com
> Subject: Re: NT Partitions
readable,
> but blank, or inaccessible? Because another behavior of malware is to
access
> to the decryption routines and, therefore, can't access the hard drive.
have
> > virus protection running to download new dats in the morning and to
scan
> > at night and now am getting the blame for the crash. The crash
happened
> > on 28th February.
> >
> > Dave
>
>
> ------------------------------------------------------------------------

---

> Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,

the


> world's premier event for IT and network security experts.  The two-day


professionals.


> The two-day Briefings on May 14-15 features 24 top speakers with no


vendor

> sales pitches.  Deadline for the best rates is April 25.  Register today


to

>

> ensure your place.  http://www.securityfocus.com/BlackHat-focus-virus


----

>

>

>

>

>

>

>

>

>

> ------------------------------------------------------------------------

---

> *** Wireless LAN Policies for Security & Management - NEW White Paper


***

> Just like wired networks, wireless LANs require network security


policies

> that are enforced to protect WLANs from known vulnerabilities and


threats.

> Learn to design, implement and enforce WLAN security policies to


lockdown enterprise WLANs.

>

> To get your FREE white paper visit us at:


----

>

>



---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-focus-virus
----------------------------------------------------------------------------