Jamezs

Niner since 2012

  • Defrag Tools: #8 - Mark Russinovich

    Spoiler Alert Part II - Don't read this if you haven't read the Zero Day book. 

    After figuring out that the infection had been triggered by an incorrect date, a quick workaround would have been to rebuild the system, set the date to a time after 09/11, and then restore the data from backup.  Obviously Time Stamp issues would be a concern, but at least the system would be up and running and the data would be accessible, etc.  That would give Jeff's client breathing room until a patch becomes available from the Vendors.  Does that seem technically sound for a quick workaround?  Or am I missing something? 

    Thanks,

  • Defrag Tools: #8 - Mark Russinovich

    Spoiler Alert:  don't read this if you haven't read the Zero Day book. 

    Mark, since the infection Jeff worked on was triggered by an incorrect date on the system, why couldn't he just reset the system with the correct date and then reinstall from backup?  Even if the backup was infected, it wouldn't be triggered until the trigger date (09/11).  Doing this would have allowed his client to get back up and running at least for a while. 

    Even if Jeff wasn't aware that the infection had been triggered by an incorrect date, when the system was rebuilt the first time, Sue (or even Jeff) should have set the rebuilt system to a correct date.  If the date was for some reason still wrong after the system was rebuilt, it should have raised a huge red flag and given them troubleshooting options.