How might you react and deal with being exploited?

Discussion in 'polls' started by wat0114, Dec 22, 2013.

How might you react and deal with being exploited?

  1. Shocked. How could this happen to me!? Will need help to clean the infection.

    1 vote(s)
    2.3%
  2. Shocked. How could this happen to me!? Will re-install the O/S.

    5 vote(s)
    11.4%
  3. Shocked. How could this happen to me!? Will wipe drive and restore a recent backup image.

    14 vote(s)
    31.8%
  4. Oh well, nothing new. Will need help to clean the infection.

    1 vote(s)
    2.3%
  5. Oh well, nothing new. Will re-install the O/S.

    1 vote(s)
    2.3%
  6. Oh well, nothing new. Will wipe drive and restore a recent backup image.

    3 vote(s)
    6.8%
  7. Other

    19 vote(s)
    43.2%
  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    I'm really curious as to how people might react to being exploited. I chose #3.
     
  2. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    570
    Location:
    Bosnia
    What's #3?
    There's no poll :D
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    just submitted now :)
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    My initial reaction would be somewhere in between shocked and oh well. In the end, I'd probably restore the last backup. In between, I'd try to determine how I was compromised, and assuming that it wasn't stupidity on my part, attempt to close the vulnerability after I restore the system.
     
  5. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    570
    Location:
    Bosnia
    I would do the same and no, nothing can shock me these days except 240V or higher.
     
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Hmm. I picked "Nothing new, restore from backups," but now that I think about it that's the procedure for ITW Windows malware - the usual automated rubbish. Whereas I'm on Linux. Which means a compromise would be less likely, but if it did happen, it would probably be more serious. And more exotic. And more of a hassle to deal with.

    Actually that deserves its own thread, I think.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Shocking... but backup is always there.
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    From my pov the backup is the "be all and end all" of the complete security & recovery package, so that no matter how shocking or surprising an exploit might be, it should result in nothing more than a minor inconvenience for the end user. In all actuality, the backup will probably be used more to recover from a broken system than for an exploited one. I've used it several times in this case. Keeping sensitive data off the machine or encrypted is, imho, a close second in importance.
     
  9. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    440
    Location:
    The Outer Limits
    Depending on what type of exploit, but it would be bemusement at first and then try and get rid of it and clean up the system, etc., so on and so forth...

    It would be interesting though hunting it down and trying to figure out how it got in.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If someone is smart enough to get into my system I very much doubt I'll notice it. If I did, I'd take the system offline, analyze it, attempt to determine how they got in, etc. Once I had all of that information I would take steps to repair the situation, either cleaning it up or wiping the system, and then hardening it against further attack.
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    There are other actions to take besides what you have listed, depending on what sensitive info you have on your HD.
    For instance, I would cancel all credit cards and ask for replacements.
    If your machine holds sensitive data affecting others (like credit reports or applications, etc.), then it becomes your responsibility to contact those people and let them know what has happened.
    Simply reacting with something between a ho-hum and surprise, then restoring an image, is really only part of the process.
    Think of the email files that may have been compromised and what the culprit now knows about friends, family and associates.
    Anyone who says they "restore and move on", seems to me, is overlooking a vast amount of damage control.
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Yeah, I wish I had included a few more poll options :( ...but at least I included "Other".
     
  13. Dave0291

    Dave0291 Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    553
    Location:
    U.S
    I would simply be annoyed and, quite honestly, would feel pity that someone hacked into a home system that contains absolutely no important or sensitive data. Even if all they desire is to use me as a part of a botnet, I will simply reload the OS and every other software package I have from scratch. No possibly compromised backup images, no thumb drives, nothing. After that I will change every website password not because I feel they might be compromised, but simply because. If I have even the slightest suspicion or doubt about the security of any financial accounts, I will have cards destroyed and renewed. After that, there is really nothing that can be done but to move on and be more vigilant.
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Yes, one thing you can bank on around here... when a poll is created, there are plenty of participants waiting to tell the OP how it could have been made better. ;)

    Btw, one of the most astute responses so far came from Hungry Man...
     
  15. Pandora Box

    Pandora Box Registered Member

    Joined:
    Dec 6, 2013
    Posts:
    25
    Location:
    In a doghouse
    I don't have any reaction above these polls.
    But my reaction will rather be. "Oh no you don't! Time Slipped!!" :D

    Toolwiz Time Freeze can cure all my shock. ;)
    Revert everything back to time like Deepfreeze.
    I always use this when I can't handle the LassBoss virus.

    Besides, Toolwiz is 100% free; it even made me completely forget about CCleaner. :p
     
  16. guest

    guest Guest

    Other --> Not allowing the exploitations to be successful at all in the first place.
     
  17. tomazyk

    tomazyk Guest

    I picked the Other option.
    First I would try to figure out how I got exploited. For me there is no point in restoring a system image if I don't close the door that let the bad guys in.
    When I'd figure out what was going on, I would restore an image and close the exploit. If that would not be possible, I would change problematic program or OS.
     
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    "Shocked. How could this happen to me!? Will wipe drive and restore a recent backup image." But really not shocked, rather: who wanted to exploit me, and why?

     
  19. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    First thing: take the machine offline, isolate our LAN from other connected networks (WAN/Internet), see if the rest of the network machines and data have been compromised and take those offline, reset passwords, expire certificates, and inform anyone else who could be at risk before even thinking about looking at the infected machine.
     
  20. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    When you have found that your system(s) have been exploited, then comes the analytical part. What has happened, damage control and what to do to prevent a situation like this. If you are able to, then simulate the situation that led to the exploitation of your systems, to see if you have implemented the right tools to handle a situation like this again in your network. Besides that, I think that Page42 is spot on with his post, that you may need to warn people/friends on your mail list, and you may also need to replace credit card information just in case.

    Regards Janus
     
    Last edited: Dec 23, 2013
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    I'm being exploited all the time - I have to work almost every day!
    Mrk
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Clearly a lot more involved than with a home system. What is done to recover the infected machine(s)? Is it reloaded with a COE or some other method used?
     
  23. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,915
    I would check "Not shocked and will have fun to clean it and go to a previous snapshot". I have on my PC Eaz-Fix 9.1 and CTM 2.8.
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I'd be pretty shocked if it happened to me despite the measures I've taken. And I'd reformat my box altogether, not just reimage. I'm OCD about that kinda stuff. I'd reimage if it were a user error or some glitch, but an infection and I couldn't sleep until I wrote zeros to every sector of the drive and started from formula.
     
  25. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    974
    I'll let Wilders Forum know sometime after April 8, 2014.
     