[Dshield] WMF - Signs of compromise

David Taylor ltr at isc.upenn.edu
Tue Jan 3 09:57:36 GMT 2006


Since evildoers can insert code of choice into these files to compromise
your system, does anyone know if exploiting the actual vulnerability leaves
some kind of evidence behind?  Such as eventlog entries, specific dump
files, etc.?

I think it would be a moot venture to try and let our users know what to
look for as far as backdoors, keyloggers and the like, but it would be nice
if there was a specific thing we could tell them to look for.


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshield
http://freenode.net/



