2

I have to work on infected websites once in a while, and I'm wondering if there are some good practices to keep my computer safe.

I use my personal computer for work, so I'd like to take precautions.

Is downloading an infected website via FTP a risk only if I run it locally? If not, what are good safety measures I can use to minimize the risk?

Shane
  • Depending on the infection, it may not be the same as "compromised". There are many JavaScript injections that may happen through vulnerabilities in the code or modifications to the server-side scripts done with an unprivileged account, which only affect the website but not the entire system. A compromised system is another story. – lepe Jun 23 '16 at 02:04

1 Answer

4

First of all, if you are downloading and running code from an infected website, you basically may infect your machine. So at this point it's time for you to format your computer and reinstall everything.

Second of all, when doing incident response (which this basically is), you always start from a fresh build with your tools, either in a virtual machine or on a physical machine, and download the files to your machine. You can then analyze the malware. Afterwards you either discard or store the image. You then copy your clean image again for your next IR. You NEVER re-use the same OS on which you already did analysis.

Also refer to our topic here: How do I deal with a compromised server?

Lucas Kauffman
  • Thanks. I never ran infected code, though I did edit infected files, but I've formatted just yesterday and have to deal with an infected site now and didn't want to take any risks. I was planning on using VirtualBox + Linux OS, that would be sufficient then? I'll keep a clean image of the VM for any other infections I may have to clean. – Shane Dec 15 '14 at 19:49
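
The clean-image workflow from the answer, sketched for the VirtualBox setup mentioned in the comment above. This is an added example, not part of the original posts; the VM name `ir-golden`, the snapshot name `clean` and the `ir-case-` prefix are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: a powered-off VirtualBox VM "ir-golden"
# holding the clean OS and tools, with a snapshot called "clean".
VBOX="${VBOX:-VBoxManage}"
GOLDEN="${GOLDEN:-ir-golden}"
SNAPSHOT="${SNAPSHOT:-clean}"

# `VBoxManage list vms` prints one line per registered VM: "name" {uuid}
vm_exists() {
    "$VBOX" list vms | grep -qF "\"$1\" {"
}

# Clone a fresh analysis VM for one case; refuse if that case VM exists,
# so an OS that was already used for analysis is never picked up again.
ir_new() {
    case_vm="ir-case-$1"
    if vm_exists "$case_vm"; then
        echo "refusing to reuse $case_vm; destroy it and clone again" >&2
        return 1
    fi
    "$VBOX" clonevm "$GOLDEN" --snapshot "$SNAPSHOT" \
        --name "$case_vm" --register >&2 || return 1
    echo "$case_vm"
}

# Optionally store the used image (second argument: .ova path) before
# discarding it. The VM is powered off first; errors if already off are ignored.
ir_archive() {
    case_vm="ir-case-$1"
    "$VBOX" controlvm "$case_vm" poweroff >/dev/null 2>&1 || true
    "$VBOX" export "$case_vm" --output "$2" >&2
}

# Discard the used VM and its disks. Only ir-case-* names are touched,
# so the golden image cannot be deleted through this function.
ir_destroy() {
    case_vm="ir-case-$1"
    vm_exists "$case_vm" || return 0
    "$VBOX" controlvm "$case_vm" poweroff >/dev/null 2>&1 || true
    "$VBOX" unregistervm "$case_vm" --delete >&2
}
```

Source the file, run `ir_new <case-id>` before downloading the site into the new VM, and run `ir_destroy <case-id>` (after `ir_archive` if the image should be stored) once the cleanup is done.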