Please create an account to participate in the Slashdot moderation system


Forgot your password?
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - Why you should wipe the drive after a compromise (

UnderAttack writes: "After a malware infection, or a compromise of the system in a more targeted attack, there is always a push to get "back into business" as quickly as possible. The malware artifact is quickly removed and the system is put back into service without too much scrutiny. Sadly, this way backdoors and other hidden gifts the attacker left behind are frequently overlooked. The result is that the system is compromised again quickly. The only real solution is wiping the drive and starting from scratch (and hoping that you have decent backups). This two part series by Mark Bagget makes this point by outlining some of the tricks an attacker may use to hide backdoors and to have them automatically executed on a system. Part 1 talks about how to usurp the windows update process to reinstall malware, and Part 2 shows how to use the unescaped space bug and the service restart tool to get the malware to start."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Why you should wipe the drive after a compromise

Comments Filter:

Possessions increase to fill the space available for their storage. -- Ryan