|
|
 |
| Posted: |
06 Sep 2007 |
| Published: |
01 Sep 2007 |
| Format: |
HTML
|
| Length: |
10
Page(s) |
| Type: |
Journal Article |
| Language: |
English |
|
ABSTRACT:
From all indications, something bad had happened. After installing an intrusion prevention system, the security team at UW Medicine spotted several machines trying to communicate with an IRC botnet server in France. Cindy Jenkins, a security engineer and computer forensics expert at the medical and research organization, immediately went on a hunt for clues behind the suspicious activity. Hours spent combing through images of the hard drives from the infected PCs turned up the attackers' tools: an IRC bot, a rootkit and an FTP server. Passive network scanning detected more compromised systems. To save time, Jenkins made hash sets--digital fingerprints--of the malware so she could look just for the hash sets when inspecting additional images. She determined the machines were infected 18 to 24 months earlier--before the IPS and other security measures were installed.
|
 |
AUTHOR:
Marcia Savage
Features Editor, Information Security
|
|
|
|
BROWSE RELATED RESOURCES:
Computer Forensics | Cybersecurity | Hackers | Industrial Espionage | Internal Threats | Intrusion Detection |
|
View All Resources
sponsored by Information Security Magazine |
 |
|
|
|
Cramsession Research Library Copyright © 1998-2008 Bitpipe, Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. TechTarget · 117 Kendrick St · Needham, MA · 02494
Use of this web site constitutes acceptance of the Bitpipe Terms and Conditions and Privacy Policy. cramsession@bitpipe.com
|
