We have had several cases reported to us here of machines that were cleaned, patched, and then re-introduced to the network that ran fine for the past 4 days, and then boom, this morning at around 10 am MST they became re-infected. Has anyone else seen this kind of incident?

We had gone so far as to check the dates, versions, and sizes of the three DLLs involved in the patch, in addition to Add/Remove Programs showing that it was patched, in addition to the patch file listed in the system root folder, in addition to scanning the machine with the eEye Blaster scanning tool and the Microsoft Blaster scanning tool, and also scanning it with the FixBlast.exe tool from Symantec and the Stinger.exe tool from McAfee. Every one of these had shown that the machine was clean and patched on Friday, and then boom, mid-morning this morning the machine gets re-infected.

Any suggestions, ideas, or experiences would be much appreciated.

Thanks,
Alex O. Ostberg
Data Security Analyst / State of Montana
This archive was generated by hypermail 2b30 : Mon Aug 18 2003 - 11:11:15 PDT