[Dshield] WMF - Signs of compromise

David Taylor ltr at isc.upenn.edu
Tue Jan 3 09:57:36 GMT 2006

Since evildoers can insert code of choice into these files to compromise
your system, does anyone know if exploiting the actual vulnerability leaves
some kind of evidence behind, such as event log entries, specific dump
files, etc.?

I think it would be a moot venture to try and let our users know what to
look for as far as backdoors, keyloggers and the like, but it would be nice
if there was a specific thing we could tell them to look for.

David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236

SANS - The Twenty Most Critical Internet Security Vulnerabilities 

SANS - Internet Storm Center

irc.freenode.net #dshield
