Farelf Posted February 21, 2013 Share Posted February 21, 2013 Mentioned in a previous topic was the use of Sysinternals' Process Explorer to detect malware operating on a PC. Finding an individual compromised machine somewhere on a LAN is a different matter and can present a huge challenge. Anyone faced with that is actually fortunate (in my estimation) if they are listed by cbl.abuseat.org because of the diagnostics and help pages offered by that group. Those "less" fortunate might like to consult the help page: http://cbl.abuseat.org/advanced.html - links to tools and to other resources are included there. The FAQ for the CBL site will be useful too - http://cbl.abuseat.org/faq.html DON'T overdo the use of the free CBL listing lookup tool on their webpage by the way - they're presently a bit sensitive about that and may warn you off after "too many" look-ups within a short time-span, with sterner measures to follow for any who don't heed. They're not even keen on direct DNSBL query - "Generally speaking, we prefer users to use the SpamHaus DNSBL system to get access to the CBL, instead of the CBL directly." I dare say the occasional lookup by researchers is not going to inconvenience them and they certainly are geared to support remediation efforts by those networks having CBL-listed IP addresses. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.