| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Dec 2009 19:26:56 -0800 From: Tim <tim-security@...tinelchicken.org> To: RandallM <randallm@...mail.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: stupid question again > i am so sorry. I just don't understand this. Computer is infected. user has > DNS redirects to any and all site for help. Why can't the good guys use some > type of fast flux or url obfuscation to hide help standalone software to > down load and use? you know, maybe I am just so damn ignorant that what I > think is a simple idea to use for Mcafee, F-secure and such to offer help is > why its not used. I mean really, bad guys hide C&C and download server > through such means, why can't the good guys? Someone just get right down and > explain this crap to me. I am so adamant that this type of idea, though not > fully fool proof, can't work. Hi RandallM, The answer is: Once you're infected, you shouldn't be trying to clean things. Reinstall. Need files off of that box first? Mount the drive under another OS, or better yet, use the sleuthkit to get them off. cheers, tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists