Re: [Article] Blaster-Sasser: new INTRUSION systems. Approach and solutio


From: NetNut (nospam_at_yahoo.com)
Date: 05/04/04


Date: Tue, 4 May 2004 16:04:55 -0700


    Utter Nonsense!
     I, for one, am very thankful to all of those here who have given me the
knowledge to retrieve vital data from two infected computers.
    Had I been following the posts in your newsgroup I would have been very
disappointed indeed by the extreme advice 'You must reformat'.
    Perhaps a repair of the virus, a backup of data not yet backed-up and a
clean reinstall (if by the CHOICE of the user it is deemed prudent) is the
way to go. But to jump right to the statement 'You Must Reformat' is both
extreme, Untrue and Utter Nonsense.
        The NetNut

"Diego Calleja García" <diegocg-yoquetuestoloquitaba-@teleline.es> wrote in
message
news:20040504142819.5243d939.diegocg-yoquetuestoloquitaba-@teleline.es...
On Tue, 4 May 2004 05:02:36 -0700 "Iluminada"
<anonymous@discussions.microsoft.com> wrote:

For those who are wondering what is this message about:

I must note that in the microsoft.public.es.* newsgroups we have several
trolls who are trying to discredit MVPs. In this case, we're arguing that
after being infected with the Sasser virus the _right_ solution is not just
disinfecting the virus, but formatting the whole system.

Why? Because:

1) The infection doesn't need to be the Sasser virus. It could be a remote
   exploit tool. Several tools for such tasks have been found. So when you're
   infected and the lsass countdown appears you don't really know if it's
   Sasser that's infecting you.

2) Even if it's a true worm, you can't know if it's Sasser, a new Sasser
   variant, or a different virus not related to Sasser. Those could have
   unknown effects.

3) Even if it's the true Sasser, there's a window between the moment when
   you're infected and the moment when you remove the virus. As you know,
   Sasser opens a remote shell (and an FTP service) on your computer. That
   means that a script kiddie can be launching new Sasser viruses against
   known IPs and trying to access the remote shell on port 9996.

That means that at the moment you're infected you just can't know what has
happened on your computer. A rootkit could have been installed, or some
variant of a trojan. And since there's lots of critical data (passwords, bank
accounts, digital certificates, personal data) on your computer, the _one_
right solution to this is _formatting_. It's not nice. It's not easy, but it's
the _one_ way you can be sure that your computer is really clean.
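Point 3 above is a checkable condition rather than just an argument: the backdoor is a listener on TCP 9996, and any ESTABLISHED connection to that port from a foreign address is evidence that someone other than the worm actually used the window. The following is an added example (not code from either poster) that parses Windows `netstat -an` output and reports both facts. The netstat lines are constructed for the example; only port 9996 comes from the post, and the `parse_netstat` / `backdoor_findings` names are this example's own.

```python
"""Check netstat -an output for the Sasser remote-shell backdoor (TCP 9996).

Added example for this thread, not code from the original posters.
The sample output below is constructed, not captured from a real host.
"""
import re

BACKDOOR_PORT = 9996  # remote shell port named in the post

# Constructed sample of `netstat -an` as printed by Windows XP/2000.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9996           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:9996      203.0.113.77:3121      ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# proto, local ip, local port, foreign ip, foreign port, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(\S*)\s*$")


def parse_netstat(text):
    """Return one dict per socket line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state = m.groups()
        rows.append({
            "proto": proto,
            "laddr": laddr,
            "lport": int(lport),
            "faddr": faddr,
            "fport": fport,
            "state": state,
        })
    return rows


def backdoor_findings(rows, port=BACKDOOR_PORT):
    """Report whether the backdoor port is open and who is connected to it.

    listening: a TCP socket on `port` in LISTENING state (the shell is up).
    peers:     foreign addresses with an ESTABLISHED session to `port`;
               any entry here means the window described in point 3 was used.
    """
    listening = any(
        r["proto"] == "TCP" and r["lport"] == port and r["state"] == "LISTENING"
        for r in rows
    )
    peers = sorted({
        r["faddr"] for r in rows
        if r["proto"] == "TCP" and r["lport"] == port and r["state"] == "ESTABLISHED"
    })
    return {"listening": listening, "peers": peers}


if __name__ == "__main__":
    findings = backdoor_findings(parse_netstat(SAMPLE_NETSTAT))
    print(f"shell listening on {BACKDOOR_PORT}: {findings['listening']}")
    print(f"foreign peers connected to the shell: {findings['peers']}")
```

On a real machine, feed the output of `netstat -an` (captured before cleanup, since removing the worm closes the listener) into `parse_netstat`. A non-empty `peers` list does not tell you what the peer did, which is exactly the post's point: it only confirms that the system was reachable by a third party while the shell was open.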


