Continued from page 1
After rebooting system in safe mode and reviewing event logs, I found cause of problem. The event log revealed that TCP/IP stack repeatedly exceeded maxim number of connections. I had fell victim to a local machine Denial Of Service attack.
In most cases, an event like this would reveal at least something out of ordinary; A registry entry, file, or service that should not be present. But not in this case.
The computers local drives were imaged to preserve their current state. The images were then submitted to our Anti-Virus and Firewall vendor research teams. As of today, they have not been able to determine exact cause of problem. They do know something malicious is going on, and are looking closely at TCP/IP stack and system process. Short-term investigation points in direction of one of these components being modified or corrupted. It's quite possible that a new vulnerability exists and I'm fairly confident they will be able to pinpoint it.
What's The Point
----------------
I've seen just about every type of exploit, vulnerability, and e-mail attack you can think of over years. Some items we uncover during security assessments would make your jaw drop.
It never ceases to amaze me how many people out there just don't care what kind of problems or damage they cause. It appears as if point of this recent e-mail attack was nothing more than to cause recipient grief, to put target computer out of business for a while. One things for sure, it resulted in a bad day for me. The time I had to put into investigating situation, and preparing images for delivery to our vendor, could have been spent working on something productive.
Conclusion
----------
Because of this event, we have configured a dedicated system who's sole purpose in life is to test potentially harmful url's. It is actually a virtual machine that if attacked, can be configured to its default state within seconds.
I can only imagine stress and frustration others without technical experience or resources must go through when something like this happens. I receive countless e-mails from our site visitors regarding their concern that they may have been attacked or compromised. I wish I could help them all out directly but that is not always a reality.
What I can do is share my experiences and recommendations. This is one of primary reasons why I enjoy writing articles as much as a do.
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for www.defendingthenet.com and several other e-zines.