Topic: Do you know when your computer has been compromised or not?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33992
  • malware fighter
Do you know when your computer has been compromised or not?
« on: October 15, 2008, 07:20:57 PM »
Howdy malware fighters,

In light of Incident Handling, I thought it would be good to start with Step 0 and that is Detection.  Before you ever begin your incident handling process, you have to know you are compromised.  Sometimes it's readily apparent and sometimes it isn't.
Go here and check the ten signs: http://isc.sans.org/diary.html?storyid=5095
Starting with 0, what you learn at this forum site is how to detect malware on your box or an attempt to compromise your box. And now the other ten signs:
   1.  Your logging server hasn't logged any events or you haven't received alerts in the last 12 hours
   2.  Your FTP server/user hard drives etc. are suddenly out of disk space or maybe logs increase in size more than your normal variation
   3. Your competition's products look just like yours, but have a prettier color scheme
   4. Your customers start receiving spam on email addresses they used only to sign up for your service
   5. You get "machine acts funny" reports from users (i.e. windows closing by themselves, browser homepage changed, etc.)
   6. Someone needs help connecting to the company's wireless access point, you don't have a wireless access point
   7. Complaints that software (payment processing software, web browser, etc) keeps crashing
   8. Complaints from user(s) that passwords/logins aren't working
   9. Computer systems running unusually slow
  10. Visitors to your website complain that they get redirected to another site or one that just doesn't "look" right

If you have other indicators that you have encountered in the past that have clued you in to a compromise, please let Polonus know and he'll update this SANS Internet Storm Center list,

pol
 
« Last Edit: October 15, 2008, 07:22:40 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
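
A check for signs 1 and 2 from the list above, as an added example that is not part of the original post: it flags log sources that have been silent for more than 12 hours and log volumes outside normal variation. The log line format, host names, the 3-sigma definition of "normal variation" and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean, stdev

SILENCE_LIMIT = timedelta(hours=12)  # sign 1: the 12-hour window from the list
SIGMA = 3.0                          # assumed meaning of "normal variation"

def parse_line(line):
    """Parse a constructed 'ISO-timestamp host message' line into (time, host)."""
    stamp, host, _ = line.split(" ", 2)
    return datetime.fromisoformat(stamp), host

def silent_sources(lines, expected_hosts, now):
    """Sign 1: hosts that should be logging but have sent nothing for 12 hours."""
    last_seen = {}
    for line in lines:
        when, host = parse_line(line)
        if host not in last_seen or when > last_seen[host]:
            last_seen[host] = when
    # A host that never logged at all is as suspicious as one that stopped.
    return sorted(h for h in expected_hosts
                  if h not in last_seen or now - last_seen[h] > SILENCE_LIMIT)

def volume_outlier(daily_bytes, today_bytes, sigma=SIGMA):
    """Sign 2: today's log size is outside the baseline's normal variation."""
    if len(daily_bytes) < 2:
        return False  # not enough history to define "normal"
    mu, sd = mean(daily_bytes), stdev(daily_bytes)
    # Absolute deviation catches both sudden growth and sudden shrinkage.
    return abs(today_bytes - mu) > sigma * max(sd, 1.0)

# Constructed sample data (not from any real system).
SAMPLE_LOG = [
    "2008-10-15T01:10:00 web01 sshd: session opened",
    "2008-10-15T02:00:00 db01 cron: job finished",
    "2008-10-15T17:45:00 web01 httpd: GET /index.html 200",
]
EXPECTED = {"web01", "db01", "ftp01"}
NOW = datetime(2008, 10, 15, 19, 0, 0)
BASELINE = [10_400, 9_900, 10_100, 10_300, 9_800, 10_200, 10_000]  # bytes/day

if __name__ == "__main__":
    print("silent sources:", silent_sources(SAMPLE_LOG, EXPECTED, NOW))
    print("volume alert:", volume_outlier(BASELINE, 48_000))
```

The list of expected hosts has to come from an inventory kept outside the log server itself, otherwise a source that was never onboarded can never be reported as silent.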

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Do you know when your computer has been compromised or not?
« Reply #1 on: November 16, 2008, 05:34:57 AM »
Quote
I thought it would be good to start with Step 0 and that is Detection
Totally wrong!!! First step is to gain knowledge. Especially about the OS a person is using and the hardware. Set up security properly and you (in theory) do not have to scan/try to detect anything.