Re: [Full-disclosure] Exploiting a Worm



On Wed, 14 Sep 2005 00:01:17 BST, Paul Farrow said:
> Another thing you could do is install an anti-virus app or by some other 
> means identify the worm that is active and possibly get a variant 
> version id.
> Find out how the worm installs itself, reverse engineer it, and remove it.

If he's doing a pen test, the problem is "convince a PHB that having a zombie
on the net is bad, and the PHB requires a 'show me' demo before accepting it"...

So unless he can rub the PHB's face in it ("See? This zombie on this secretary's
desk will let a hacker in Eastern Europe whack our payroll database...."), the
site probably won't actually do anything about the security practices that let
a machine get whacked by whatever worm it was....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/