The alert blinked on Kaspersky’s central console: – source: workstation 14-B, time: 03:14 AM.
Kaspersky had caught it not as an exploit, but as a behavior – the generic signature of something feeling its way through the dark. scan.generic.portscan.udp kaspersky
The laptop’s owner, Derek from creative, was supposedly on paternity leave. His machine, however, was alive with chatter – a staccato burst of empty UDP packets hammering against the finance department’s VPN gateway. Not a targeted attack. Generic. Noisy. Amateur. The alert blinked on Kaspersky’s central console: –
She ran a memory dump. The laptop’s RAM contained a tiny, nameless process – a binary that had arrived via a phishing PDF three days ago, undetected until now. The PDF was an invoice. Derek, sleep-deprived with a newborn, had clicked it at 2 AM. His machine, however, was alive with chatter –
“Probably a worm,” she muttered, isolating the device. But Kaspersky’s behavioral engine flagged something else: the scan wasn’t random. It was probing port 161 (SNMP) and port 137 (NetBIOS) in a slow, rhythmic pattern. Not a scan for vulnerabilities. A scan for echoes .
Maya killed the laptop’s network port. Then she called Derek. “Congratulations on the baby. Now, about your computer…”