[olug] Security breach?

Dan Anderson dan-anderson at cox.net
Thu Jun 7 04:10:51 UTC 2012


Nice FUD Irish...

There's no legitimate reason to DBAN (or SecureErase or wipe, etc) a
hard disk after a hack/virus/rootkit unless you've been attacked by
some sort of enhanced version of the "good times" virus
(http://www.cs.rutgers.edu/~watrous/goodtimes-spoof.html) that
re-infects you from a nearby refrigerator by reassembling the
disconnected blocks.  :)

Clear your partitions, re-write your boot sector and reinstall from
known clean media.

Although, I tend to agree with Aric.  This probably isn't actually
related to you or your system.  I get these sorts of SPAM messages
every couple of years when my friends (coincidentally - the people in
my address book) catch a Windows virus that spams everyone in their
Outlook contact list.

And like Christopher says, there are some good file
hashing/fingerprinting apps available, but they are better used
preemptively.

Dan

On Tue, Jun 5, 2012 at 11:43 PM, irish.masms <irish.masms at gmail.com> wrote:
> Having participated in and managed multiple Incident Response situations
> (aka Security breach cleanup); the only way you will be sure it is clean is
> to wipe the drive (using DBAN) and reinstall.
>
> Will you sleep comfortably at night, trusting your system was cleaned? Or
> would you like to be SURE you are clean?


