How to ID attacker / source that has accessed computer w/ Blaster-Welchia worm?


Fred

I was recently the victim of the Welchia worm, and know
for sure that my computer files / data have been accessed
and / or modified after the worm was activated. How do I
identify the source or attacking computer that has
manipulated and taken control of my computer? Is it the
person that sent the e-mail attachment that contained the
worm, or could it be anyone in the chain that sent the
original e-mail?

Any help at all would be appreciated.

Thanks!
 
There is really no way to know for sure. If you have a firewall with
advanced logging, you might be able to get an idea but what are you going to
do anyhow with that information? Many of these attacks are automated from
other infected machines whose users do not even have a clue. Possibly
your machine has been attacking other machines. Your main objective should
be getting your computer cleaned and taking steps to protect yourself from
current and future risks. Number one item is to use a properly configured
firewall, then an antivirus program that scans all inbound/outbound emails
such as Norton. The antivirus program can be configured to automatically
update its definitions. Finally secure your operating system, including
installing critical updates from Microsoft Update at least once a week - this
can also be done automatically on most operating systems. It is also the
computer owner's responsibility to keep backups of their critical data files
in case of a computer failure due to virus infection or hardware failure and
the resulting need for a total reinstall. --- Steve

http://www.microsoft.com/security/protect/
http://www.webattack.com/Freeware/security/fwfirewall.shtml
 