lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Dec 2009 19:26:56 -0800
From: Tim <tim-security@...tinelchicken.org>
To: RandallM <randallm@...mail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: stupid question again

> i am so sorry. I just don't understand this. Computer is infected. user has
> DNS redirects to any and all site for help. Why can't the good guys use some
> type of fast flux or url obfuscation to hide help standalone software to
> down load and use? you know, maybe I am just so damn ignorant that what I
> think is a simple idea to use for Mcafee, F-secure and such to offer help is
> why its not used. I mean really, bad guys hide C&C and download server
> through such means, why can't the good guys? Someone just get right down and
> explain this crap to me. I am so adamant that this type of idea, though not
> fully fool proof, can't work.


Hi RandallM,

The answer is:  Once you're infected, you shouldn't be trying to clean
things.  Reinstall.

Need files off of that box first?  Mount the drive under another OS,
or better yet, use the sleuthkit to get them off.

cheers,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists