I got quite a chuckle out of a few of them, thanks.

On Thu, Apr 28, 2011 at 2:17 PM, Josh More <[email protected]> wrote:
> I don't think you'll find one. Unless the infected system is set up with
> an appropriate level of auditing and there are network logs to compare
> against, the important data will be lost.
>
> Here are some questions. If they say "yes" to any of them, stop asking
> questions, assume that that's the vector and take corrective action. This
> will work well for you in something like 90% of these situations and fail
> catastrophically in the other 10%. Identifying which is which is left as an
> exercise to the reader. ;)
>
> * Is the user running as a local administrator?
> * Is the system missing the most recent service pack?
> * Is the system missing any security patches?
> * Is the system running an older version of Adobe Reader?
> * Is the system running an older version of Adobe Flash?
> * Is the system running an older version of Oracle (or Sun) Java?
> * Is the system running an older version of Mozilla Firefox, Google Chrome
>   or Opera?
> * Is the system's firewall off?
> * Can you download the files from www.eicar.org?
> * Can you browse to porn sites?
> * Can you browse gambling sites?
> * If you plug a USB drive with an autorun file on it, does it run?
> * Did the user anger the wrong people on the Internet?
> * Is the user unlucky?
>
> -Josh More
>
> On Thu, Apr 28, 2011 at 1:56 PM, Michael Lubinski <[email protected]> wrote:
>
>> When people ask me, "how did I get infected?"
>>
>> What would you guys recommend as a good forensics tool to help unmask the
>> avenue of infection?
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
