Full Disclosure mailing list archives
Re: Removing ShKit Root Kit
From: Gino Thomas <g.thomas () nux-acid org>
Date: Mon, 22 Dec 2003 21:36:39 +0100
Brian Eckman <eckman () umn edu> wrote:
> What is a secure environment? If it was a secure environment, the machine would not have been compromised. Period.

As we all know, nothing is 100% secure, so it can be compromised whether in a highly secure environment or not.
> That might be a threat for those still running Office 97 or earlier. Unless it's a signed macro from a trusted source. Unless I'm missing something, Macros haven't been much of a threat since Office 2000 came out (That was roughly four years ago if you aren't counting).

That was one of a million possible ways for the attacker to modify any data to become malicious in a way or two.
> Regardless, is anyone reading Microsoft Word docs using Microsoft Office on a system that is *that* critical that you absolutely cannot risk it getting compromised again regardless of cost? If so, perhaps you need to keep that machine off of a network.

If the compromised box was, for example, an FTP-Server holding many .doc, .mpeg, .avi,... files? The attacker could have made the trojan general, so any workstation that will execute any of the "backup" files could get compromised.
> For example, if it would take hundreds of hours to check the integrity of all of the data or recreate it, that had better be one mission critical database we're talking about, or else anybody in their right mind won't think twice about accepting the risk of copying that data back where it came from. Security isn't always ideal circumstances. Your company still needs to make a profit.

I agree. I did not claim this to be possible for every environment.

--
Gino Thomas | mailto: g.thomas () nux-acid org | http://nux-acid.org
GPG: E6EA9145 | 4578 F871 893E 1FEC 31FC 5B5E 8A46 4CC8 E6EA 9145
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html