On 25/08/2013 3:27 PM, Daniel Jitnah wrote:
If you had said "OMG really? Oh no!" he would have move to phase two: convincing you to install a remote viewing server on your Windows box, so he can turn it into a zombie or pull your bank details or whatever. Yes, I actually have a video screen capture of an actual attack session which I recorded a while back in a XP Virtualbox snapshot VM made specially for the purpose.!! Its about 1/2 hr long, through a lot of it nothing happens while "Jason" goes on and on about how my PC is infected and I am doomed etc. Pity it has no audio. When I have time I will edit and make it viewable in say 5-10 mins, with comments or voice over.
That might be a bit interesting, but what makes you think that everything that was done, was visible? Remote cmd shell execution via psexec for instance.... There are installers that will allow /quiet and hidden/ installation options. They may also traverse your home network, possibly infecting or owning other Windows boxen. Oh and many of the XP exploits will go in hiding (and most probably have already), to ensure that M$ doesn't patch them up before D-Day for XP in April next year. You need a before and after full registry export for comparison, as well as a full image of any possibly touched file systems, boot records or anything else that could be compromised. Anybody still running XP on ANY machine beyond April next year is really going to be asking for trouble, unless they are completely disconnected from any kind of Internet access at any time in the future. Cheers A.