How to determine if a common process has been hacked
When trying to ID some stealthy Trojan, how can I ensure that the hacker has not hacked part of a common process such as outlook.exe or iexplore.exe?
You could do an integrity check of those files. Using a program like Tripwire or just an MD5 calculator, you can get a fingerprint of the normal outlook.exe and iexplore.exe programs. Then, you can check to see if they have changed. If they have changed, it means you have either installed a patch or someone has altered them, possibly maliciously.
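The baseline-then-compare check described in the answer, as an added example that is not part of the original answer and is not Tripwire's code. It uses SHA-256 from Python's hashlib in place of MD5, and the function names and the sample files (constructed stand-ins written to a temporary directory) are assumptions for illustration.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(path, chunk=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(paths):
    """Record fingerprints while the files are in a known-good state."""
    return {p: fingerprint(p) for p in paths}

def verify(baseline):
    """Compare current files with the baseline: ok, changed or missing."""
    report = {}
    for path, known in baseline.items():
        if not os.path.isfile(path):
            report[path] = "missing"
        elif fingerprint(path) == known:
            report[path] = "ok"
        else:
            # Either an installed patch or an alteration; check patch records.
            report[path] = "changed"
    return report

def demo():
    """Run the check on constructed stand-ins for the two executables."""
    with tempfile.TemporaryDirectory() as d:
        outlook = os.path.join(d, "outlook.exe")
        iexplore = os.path.join(d, "iexplore.exe")
        for p, data in ((outlook, b"MZ constructed A"), (iexplore, b"MZ constructed B")):
            with open(p, "wb") as f:
                f.write(data)
        # Keep the real baseline off the monitored host so it cannot be edited too.
        baseline = build_baseline([outlook, iexplore])
        with open(iexplore, "ab") as f:
            f.write(b"\x90")  # simulate a modification after the baseline
        return {os.path.basename(p): s for p, s in verify(baseline).items()}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A "changed" result after a patch is expected; rebuild the baseline only after confirming the change matches an update you installed.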
This was first published in July 2002