Comments for [R|H]ack

Comment on Detecting the first signs of a compromise by Evan

Evan — Mon, 17 Jan 2011 21:58:17 +0000

Nice post! I particularly like the use of “!!$”. One small nitpick, though, and I know this is an old post so you may very well know this by now, but the -a in netstat -plan makes the -l redundant, since -a shows both listening and established connections. I do like the mnemonic of -plan though

I personally tend to separate the listings into -antp and -anup, leaving -anxp for IPC research if lsof or ps are suspicious.

Comment on Dissection of a Zbot spam by Xmitter Technologies » Blog Archive » Email Phishing Warning

Xmitter Technologies » Blog Archive » Email Phishing Warning — Mon, 19 Oct 2009 22:46:37 +0000

[...] has written a detailed report about a complex phishing email that has been sighted in the wild. This phishing message makes use [...]

Comment on Dissection of a Zbot spam by kale

kale — Wed, 14 Oct 2009 23:34:32 +0000

Hello Ricardo,

First step is to run some anti-virus on their computer! F-Secure has an online scanner available here, which should be able to detect this Zbot variant and clean his computer. After the virus is removed, educate your coworker to not click on links from strangers

Comment on Dissection of a Zbot spam by Ricardo

Ricardo — Wed, 14 Oct 2009 17:51:32 +0000

Hello, today a coworker got an email like this and clicked on the link. What should I do?

Dear user of the idiomasperucom mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (elsol_soporte@idiomasperu.com) settings were changed. In order to apply the new set of settings click on the following link:
http://idiomasperu.com/owa/service_directory/settings.php?email=elsol_soporte@idiomasperu.com&from=idiomasperu.com&fromname=elsol_soporte
Best regards, idiomasperu.com Technical Support.

Please give me some advice. I think this is a current massive phishing attack.