To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hi,

Thomas Raef wrote:
> and therefore won't show-up in netstat. I've also personally seen
> infections where they replaced the netstat.exe file with one that won't
> show their connections. I was creating a webcast to show others how to
> use netstat when I came across this information.
>
> Anyone with more expertise care to confirm or deny?

Confirm. You can't trust ANYTHING you run on a compromised system,
including netstat. EVER.

> So to answer your question, I believe the only way is to watch the
> traffic at the router/gateway. Close all programs and sit and watch for
> any connections from that PC to the outside. With all programs closed,
> you shouldn't see any traffic, unless it's set to autoupdate.

Yes, this is a viable way to check for unwanted traffic.

BTW, are there bots yet that communicate by means that don't usually
arouse suspicion? A quick idea would e.g. be dns requests or something
similar.

Marco
_______________________________________________
All list and server information are public and available to law
enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
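
Added example, not part of the original message or thread: a cross-view check that compares what the suspect PC's own netstat reported against flows recorded at the gateway, and lists the flows the host did not admit to. The sample data, the gateway log format (proto src:port dst:port, captured on the LAN side before NAT) and the function names are assumptions made for this sketch.

```python
# Constructed sample: `netstat -an` output taken on the suspect PC (untrusted view).
HOST_NETSTAT = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.50:49712     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.50:49713     198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:53011          *:*
"""

# Constructed sample: flows logged at the gateway during the same window (trusted view).
GATEWAY_FLOWS = """\
tcp 192.168.1.50:49712 203.0.113.10:443
tcp 192.168.1.50:49713 198.51.100.7:80
tcp 192.168.1.50:49720 192.0.2.66:6667
udp 192.168.1.50:53011 192.0.2.53:53
udp 192.168.1.50:40000 192.0.2.99:53
tcp 192.168.1.77:50000 203.0.113.10:443
"""

def parse_netstat(text):
    """Return (established TCP pairs, bound UDP ports) as the host reported them."""
    tcp, udp = set(), set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3:
            continue  # banner or blank line
        proto, local, remote = f[0].lower(), f[1], f[2]
        if proto == "tcp" and len(f) > 3 and f[3] == "ESTABLISHED":
            tcp.add((local, remote))
        elif proto == "udp":
            # netstat shows no remote endpoint for UDP, so match on local port only
            udp.add(int(local.rpartition(":")[2]))
    return tcp, udp

def hidden_flows(host_ip, netstat_text, gateway_text):
    """Gateway flows from host_ip that the host's own netstat did not report."""
    tcp, udp = parse_netstat(netstat_text)
    hidden = []
    for line in gateway_text.splitlines():
        f = line.split()
        if len(f) != 3 or f[1].rpartition(":")[0] != host_ip:
            continue  # malformed record or another machine's traffic
        proto, src, dst = f
        if proto == "tcp" and (src, dst) in tcp:
            continue
        if proto == "udp" and int(src.rpartition(":")[2]) in udp:
            continue
        hidden.append(line)
    return hidden

if __name__ == "__main__":
    for flow in hidden_flows("192.168.1.50", HOST_NETSTAT, GATEWAY_FLOWS):
        print("seen at gateway, absent from host netstat:", flow)
```

A netstat snapshot can also miss short-lived connections, so a mismatch is a lead to investigate from the gateway capture rather than proof that netstat was replaced.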
