2 Questions:
1) How does one go about backtracking a virus outbreak to its source?
2) AV detects and cleans a "trapdoor.pif" and "netspy"... how does one go about determining how it got onto the machine?
What kind of virus are you referring to? You can get a virus all kinds of ways. If you mean one of the common e-mail worms that are going around, you track it to the person that sent it to you (e-mail host), then to the person that sent it to them... and so on and so on until you get to the last e-mail host on the list... you then track it to the account that sent it to the last host (by IP).
If you are referring to a boot sector virus or something of that nature... it has to be physically loaded (there are exceptions, as you will see in the following posts I'm sure), either by a program you downloaded or a disk you booted from. The best way is to report the virus to the proper authorities... hehe, they will track it down if it's a new one and is deemed a sufficient threat.
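The hop-by-hop e-mail trace described in the post above, as an added example that is not part of this thread: it parses the Received: headers of a constructed message (all hostnames and addresses are made up) oldest-first, checks that each relay hands off to the next, and stops trusting the chain at the first header that was not written by one of your own servers, since everything older is only what the remote hosts claim.

```python
import re
from email import message_from_string

# Constructed sample message (not captured traffic). Each relay prepends its
# own Received: line, so the top header is the newest hop.
RAW_MESSAGE = """\
Received: from mx.example.org (mx.example.org [203.0.113.10])
\tby mail.example.net with ESMTP id abc123
\tfor <victim@example.net>; Mon, 1 Jan 2001 12:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.org with ESMTP id def456; Mon, 1 Jan 2001 12:00:02 +0000
Received: from userpc (dialup-42.isp.example [192.0.2.42])
\tby relay.example.com with SMTP id ghi789; Mon, 1 Jan 2001 12:00:01 +0000
Subject: constructed sample

body
"""
# Matches "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>".
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)\s*\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Relay chain oldest-first: hop 0 is the host that first handed the
    message to a mail server, the last hop is the server we control."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))   # unfold, then match
        if m:
            hops.append(m.groupdict())
    hops.reverse()
    return hops

def chain_breaks(hops):
    """Indexes where a hop's receiver is not the next hop's sender (forged, rewritten or dropped header)."""
    return [i for i in range(len(hops) - 1)
            if hops[i]["by"] not in (hops[i + 1]["helo"], hops[i + 1]["rdns"])]

def last_verifiable_hop(hops, our_servers):
    """Walk newest-first and stop at the first header not written by one of
    our own servers; older headers are only what remote hosts (or a forger)
    claim, so from there the trace depends on that remote host's admin."""
    verified = None
    for hop in reversed(hops):
        if hop["by"] not in our_servers:
            break
        verified = hop
    return verified
```

With only `mail.example.net` under your control, the furthest point you can vouch for is the 203.0.113.10 hop; continuing to 192.0.2.42 requires the logs of the intermediate relays' operators.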
I'm not too good with AntiViral Kits... but I suppose the people at the [Norton; McAfee] labs infect their own set-up PC with the virus. And they run a 'sniffer' of some sort to track its movements. When they see what it can do and what it does, they just make a patch for their product to scan for a 'signature' of the virus.
And for tracking it down to its source... you've bogged me. :rolleyes:
*************************************************
* Warning: This is speculation
*************************************************
I have heard that some viruses are actually developed by the anti-virus companies and universities. Not for malicious purpose of course, rather the study of virus writing. Occasionally these projects get released into the wild. As for tracking down a virus to its source, I am sure that the FBI knows, and there has to be some person or company that has expertise and has probably written a paper on it.
Antihaxor definitely has the right idea. Insofar as checking to see which file brought in the virus, most AV programs have a quarantine option. Use this, then determine which one of the programs came to your computer through an outside source. It's not really that hard. Your local FBI division can be quite helpful in bringing the original culprit to justice. It looks good for them, too.
My Brethren!
Trust no one: especially where there is money involved.
Being a conspiracy theorist from way, way back, I have this ever insatiable, nagging feeling that all of the anti-virus companies and The New World Order are somehow up to their collective asses in keeping the consumer needing to buy unending anti-virus patches, upgrades, and pattern files!!
Once again the question is not, are you paranoid, but are you paranoid enough?
Viruses are usually written by children who simply get a kick out of it; however, these rarely infect more than 300 systems.
A dedicated coder would use PGP internal encryption (which is practically impossible to decode) and use a command-wrapper to make sure it wouldn't get traced.
One fatal mistake of almost every coder is that the virus lingers after having delivered the payload/warhead; this makes it possible to obtain the source and produce an "anti-code", if you will.