Re: XP PRO Hack Attack--How?

This is the most clever thing I have ever seen, and I
would really like to know if anyone can explain in detail how it was
deployed on my machine. I cannot understand how it passed through ZA to
begin with. The only thing I can tie it to is my leaving the machine in the
DMZ, and possibly a site for an online Taipei game that a member of my
family visited. The new Windows Live Messenger might also be suspect as that
whole program looks like a security breach.

RD

Without knowledge of your setup it really is a game of guess work. Why
is the only entry point the DMZ? Are you networked? What kind of
software (besides Messenger) do you run that could be vulnerable to
worms? What services do you have enabled? What kind of sites do you
visit, what's your default browser? How updated is your OS? How is ZA
configured, are there security advisories for ZA, is it UPNP
compatible? Who else uses your computer and what is their knowledge of
security? I could go on and on...

I didn't see a single piece of info addressing these points, so what you're
going to get in response is a bunch of guesses. If you want to do
investigative work on your PC, start off by looking at the compromised
file's timestamp. It *may* offer some insight as to the time when you
were breached and either corroborate your DMZ suspicion or point to
something else you were doing at the time. My *guess* is that it
hadn't anything to do with DMZ; striking an attack head-on to a
firewall (ZA in your case) is harder to do and frankly there are so
many other vulnerable components/computers that it's not worth the
hacker's effort. He can do it through much easier means and there are
easier targets.

But honestly, in the end you are not going to get any significant
knowledge other than "anything can be breached". 0day threats are
appearing all the time, some don't rely on ANY user intervention,
rootkit technology is developing, hackers are diverting efforts to
other components besides the OS (drivers, PDF and other multimedia
files, and even security apps-YES!). Firewalls are far from being a
panacea.

The single most important knowledge I would take from your incident is
never to rely on ANY security setup. Firewalls, as many on this board
will tell you, are not infallible and to some are even useless. The
important thing is to practice safe HEX, keep your security measures up to
date and know that even though you do everything by the book you may
still one day get infected. Which is why a good backup strategy should
always be part of your security solution.
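The reply's first concrete step is to look at the compromised file's timestamp and line it up with what the machine was doing at the time (the DMZ period, the game site visit). The script below is an added illustration of that idea and is not code from either poster; it builds a small modification-time timeline over a directory, pulls out the files changed inside a chosen window, and flags timestamps that sit in the future, which no normal use can produce. The directory, file names and times are constructed for the demo, and the window is a hypothetical "hours in the DMZ" range.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone


def build_timeline(root):
    """Collect modification/creation/access times for every file under root,
    sorted by modification time so the oldest changes come first."""
    entries = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            entries.append({
                "path": path,
                "mtime": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc),
                # st_ctime is the creation time on Windows and the inode
                # change time on POSIX; neither can be set with os.utime,
                # so it is the value to compare mtime against on a real box.
                "ctime": datetime.fromtimestamp(st.st_ctime, tz=timezone.utc),
                "atime": datetime.fromtimestamp(st.st_atime, tz=timezone.utc),
            })
    entries.sort(key=lambda e: e["mtime"])
    return entries


def files_changed_between(entries, start, end):
    """Files whose modification time falls inside [start, end], e.g. the
    hours the machine sat in the DMZ."""
    return [e for e in entries if start <= e["mtime"] <= end]


def future_dated(entries, now):
    """Files whose modification time is later than the current clock. That
    cannot come from normal use; it points to clock trouble or to metadata
    that was altered after the fact, so the timestamp should not be trusted."""
    return [e for e in entries if e["mtime"] > now]


def demo():
    """Create a constructed directory, stamp the files with chosen times, and
    run both checks. Returns the basenames each check flags."""
    now = datetime.now(timezone.utc)
    # Constructed sample files with constructed modification times.
    samples = {
        "budget.xls": now - timedelta(days=7),
        "helper.dll": now - timedelta(hours=26),   # inside the DMZ window
        "photo.jpg": now - timedelta(hours=3),
        "odd.tmp": now + timedelta(days=2),        # impossible: in the future
    }
    with tempfile.TemporaryDirectory() as root:
        for name, when in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            # os.utime sets access and modification time only.
            os.utime(path, (when.timestamp(), when.timestamp()))

        timeline = build_timeline(root)
        # Hypothetical window: the machine was in the DMZ 24 to 28 hours ago.
        window_start = now - timedelta(hours=28)
        window_end = now - timedelta(hours=24)
        in_window = [os.path.basename(e["path"])
                     for e in files_changed_between(timeline, window_start, window_end)]
        in_future = [os.path.basename(e["path"])
                     for e in future_dated(timeline, now)]
        return in_window, in_future


if __name__ == "__main__":
    window, future = demo()
    print("changed during DMZ window:", window)
    print("future-dated (suspect):", future)
```

Run it against a real folder by calling build_timeline on that path and passing the window you actually care about. Treat the result as a lead rather than proof: a modification time is easy to overwrite, which is why the creation/change time and other records (firewall logs, browser history) are worth checking alongside it.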
