Chapter 6. Hostile Code

A friend once confided to us his concern that they had a hacker working for their company. They were observing port scanning coming from a machine whenever the user was logged on. After examining the system and interviewing the user, it seemed unlikely that he was hacking, and they didn’t know what to do next. We asked them to run a full antivirus scan on the computer, and it took only a few seconds to find a hostile executable, Ataka. A quick check of the antivirus software vendor’s Web page provided the helpful information that the executable was a Trojan designed to flood specific Internet servers with TCP connection requests. The site also included instructions on removing Ataka.

Possession of some types of burglar ...

Get Computer Forensics: Incident Response Essentials now with O’Reilly online learning.
