Is there any method with which you can determine the origin for a given piece of malware in Windows?
One of my PCs was recently infected with the PWS:Win32/Zbot.gen!AP password-stealing trojan. Is there any way to tell from what source this virus was downloaded?
Answer
What you are asking looks very much like what forensic researchers do in criminal cases. You could make a copy of the disk and then with painstaking manual analysis and forensic tools try to find clues. You could maybe determine the time of infection, and if enough logs are left try to list the sources accessed around that time.
But success is definitely not guaranteed, for a number of reasons:
you did not have systematic logging active on an 'ordinarily configured' computer
the infection sources may have changed/gone; you do have some extra information here in cases where 'familiar' viruses have been distributed through a limited number of sites (not likely).
especially in your case, it sounds like an ordinary hard disk has been used since the infection, thereby overwriting important information from around the time of infection.
So, for all practical purposes, the answer is 'very unlikely'.
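One concrete way to carry out the timeline check the answer describes is to take the dropped file's creation time and list the URLs visited in a window around it; on Windows there is one extra clue worth checking first, the Zone.Identifier alternate data stream (Mark-of-the-Web) that download-aware programs attach to files fetched from the Internet, which on recent Windows versions can carry a ReferrerUrl and HostUrl naming the source outright. The script below is an added example, not part of the original question or answer. It assumes browser history has already been exported as (timestamp, URL) rows, and the history entries, the file creation time and the Zone.Identifier text it uses are constructed sample data.

```python
"""Correlate a suspected dropper's creation time with browser history, and
read its Zone.Identifier stream if present.

Added example, not from the original page. Assumptions:
  - browser history has been exported as (timestamp, url) rows in UTC;
  - the file creation time was taken from the NTFS MFT ($FILE_NAME
    attribute), not only the Explorer-visible $STANDARD_INFORMATION
    timestamp, which malware can alter (timestomping).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class HistoryEntry:
    visited: datetime  # naive UTC
    url: str


def parse_zone_identifier(ads_text: str) -> Dict[str, str]:
    """Parse the INI-style text of a Zone.Identifier alternate data stream.

    Windows writes a [ZoneTransfer] section; ZoneId=3 means the Internet
    zone, and programs that implement Mark-of-the-Web may also record
    ReferrerUrl and HostUrl, which directly name the download source.
    """
    values: Dict[str, str] = {}
    section: Optional[str] = None
    for raw in ads_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "ZoneTransfer" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values


def read_zone_identifier(path: str) -> Optional[str]:
    """Read <path>:Zone.Identifier from an NTFS volume (works on Windows only).

    Returns None when the stream is absent or the platform cannot address
    alternate data streams. A missing stream is itself a finding: the file
    was written by something that does not set the mark, or the mark was
    stripped.
    """
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8",
                  errors="replace") as stream:
            return stream.read()
    except OSError:
        return None


def urls_near(history: List[HistoryEntry], created: datetime,
              window: timedelta = timedelta(minutes=10)) -> List[HistoryEntry]:
    """History entries visited within +/- window of the creation time,
    nearest first. A wide window produces noise; a narrow one misses the
    redirect chain that usually precedes a drive-by download."""
    near = [e for e in history if abs(e.visited - created) <= window]
    return sorted(near, key=lambda e: abs(e.visited - created))


def candidate_sources(history: List[HistoryEntry], created: datetime,
                      zone_text: Optional[str] = None,
                      window: timedelta = timedelta(minutes=10)) -> List[str]:
    """Rank the clues: a HostUrl from the MotW stream is the strongest
    evidence; otherwise fall back to URLs visited around the creation time."""
    if zone_text:
        mark = parse_zone_identifier(zone_text)
        if mark.get("HostUrl"):
            return [mark["HostUrl"]]
    return [e.url for e in urls_near(history, created, window)]


# Constructed sample data (hypothetical hosts, not real infection sources).
HISTORY = [
    HistoryEntry(datetime(2012, 1, 10, 14, 2), "http://news.example.com/"),
    HistoryEntry(datetime(2012, 1, 10, 14, 21), "http://dl.example.net/free_codec.exe"),
    HistoryEntry(datetime(2012, 1, 10, 14, 23), "http://search.example.org/?q=codec"),
    HistoryEntry(datetime(2012, 1, 10, 16, 0), "http://mail.example.com/"),
]
CREATED = datetime(2012, 1, 10, 14, 24)  # dropper's $FILE_NAME creation time
SAMPLE_ADS = ("[ZoneTransfer]\r\nZoneId=3\r\n"
              "ReferrerUrl=http://search.example.org/?q=codec\r\n"
              "HostUrl=http://dl.example.net/free_codec.exe\r\n")

if __name__ == "__main__":
    print("with Mark-of-the-Web:", candidate_sources(HISTORY, CREATED, SAMPLE_ADS))
    print("timeline only:", candidate_sources(HISTORY, CREATED))
```

On a live system, `read_zone_identifier(r"C:\Users\x\Downloads\setup.exe")` would supply the `zone_text` argument; on an imaged disk the stream must be pulled with a forensic tool that understands NTFS alternate data streams. Neither clue proves anything if the history database has been purged or the disk sectors reused, which is the answer's point.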