Security Incidents mailing list archives
RE: Strange servicepack.exe file (not service.exe) found.
From: Harlan Carvey <keydet89 () yahoo com>
Date: Wed, 17 Dec 2003 11:17:53 -0800 (PST)
James,
How fun is this, though - Symantec's response today says the file contains no malicious code. So nothing ever happened on the machine that had to be rebuilt. Hmmmm.
From what I've seen (online, in courses, at work, etc)
this seems to be indicative of the state of incident response in the Windows world. Rather than developing a methodolgy, or employing one of the many that are already available, most organizations seem to prefer to sink time and effort into rebuilding systems...even if it may ultimately prove unnecessary.
Of course the servicepack.exe file could have been a downloaded byproduct of another infection on the affected machine.
May have been...but one will never know. And if there had been an "infection", it may have been something as innocuous as simple spyware, rather than a worm infection or a full out compromise. Harlan --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Strange servicepack.exe file (not service.exe) found. Chip Mefford (Dec 16)
- RE: Strange servicepack.exe file (not service.exe) found. Bojan Zdrnja (Dec 17)
- SV: Strange servicepack.exe file (not service.exe) found. Peter Kruse (Dec 17)
- Re: Strange servicepack.exe file (not service.exe) found. Eric Chien (Dec 17)
- RE: Strange servicepack.exe file (not service.exe) found. James C Slora Jr (Dec 17)
- RE: Strange servicepack.exe file (not service.exe) found. John Ives (Dec 17)
- RE: Strange servicepack.exe file (not service.exe) found. Rob Shein (Dec 18)
- RE: Strange servicepack.exe file (not service.exe) found. John Ives (Dec 18)
- RE: Strange servicepack.exe file (not service.exe) found. James C Slora Jr (Dec 17)
- RE: Strange servicepack.exe file (not service.exe) found. Harlan Carvey (Dec 17)
- RE: Strange servicepack.exe file (not service.exe) found. James C Slora Jr (Dec 17)
- RE: Strange servicepack.exe file (not service.exe) found. Harlan Carvey (Dec 18)
- RE: Strange servicepack.exe file (not service.exe) found. David Gillett (Dec 18)
- Re: Strange servicepack.exe file (not service.exe) found. Doug Foster (Dec 19)
- Re: Strange servicepack.exe file (not service.exe) found. dreamwvr () dreamwvr com (Dec 19)
- Administrivia: Dead Thread - Strange servicepack.exe file (not service.exe) found. Dan Hanson (Dec 19)
- RE: Strange servicepack.exe file (not service.exe) found. Lucretia (Dec 19)
- <Possible follow-ups>
- RE: Strange servicepack.exe file (not service.exe) found. Kolde, Jennifer E. (Dec 18)