[Dshield] Microsoft on Rootkits and New Web Scam(s)...

Brian P. Donohue zbd at u.washington.edu
Tue Mar 1 07:46:02 GMT 2005


I can't really picture how hacker code could survive reformatting a hard
drive.  When we re-image, that's what we do - part of our imaging process
includes reformatting the drive.  If you're doing a single system manually,
reformat as part of the process of installation.

You can save work files that are not executable.  Everything else should be
destroyed. 

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of John B. Holmblad
Sent: Monday, February 28, 2005 09:32
To: General DShield Discussion List
Subject: Re: [Dshield] Microsoft on Rootkits and New Web Scam(s)... [u]

Brian,

my interpretation of the remarks submitted on behalf of Jon Portz suggests a
more draconian solution which is to "....get a new machine" as in, new
motherboard/BIOS, HDD, and any other device with non-volatile storage. Does
your reimaging solution go this far? In other words, are you reimaging on a
new system or on the same hardware?
-- 

Best Regards,

John Holmblad
Televerage International
GSEC,GCWN,GGSC-0100,NSA-IAM

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address: jholmblad at aol.com
backup email address: jholmblad at verizon.net
www page: www.vtext.com/users/jholmblad
text email address: jholmblad at vtext.com