Full Disclosure mailing list archives

Re: Fwd: Comment on: USB devices spreading viruses


From: "Bipin Gautam" <bipin.gautam () gmail com>
Date: Fri, 21 Nov 2008 22:42:53 +0545

USB / FLOPPY are an attractive means for viruses/worms to propagate. Here is
a workaround to stop a successful infection from happening (well, ~99%
of the time at least).

1. If you don't use wscript.exe, disable/rename it.

2. Start menu > Control Panel > Administrative Tools > Local Security
Policy > software restriction policy > additional rules

Say c:\, d:\ and e:\ are your fixed drives, then....

Right click additional rules > create path rule, and create path rules
[DISALLOWED AS]

c:\*.*
d:\*.*
e:\*.*

// why let anything execute from the root of fixed drives.

For all other drives (removable/non-existing) from a - z, do as
a:\
b:\
f:\
g:\
........and so on. Why let anything execute from a removable drive
unless you are 100% sure the pendrive is clean and from a trusted
source only.

Always set file extensions and hidden/protected system files to "show
by default" in Folder Options.

Well, this is it. From personal experience I assure you the above should
be the BEST solution for this problem and an extra layer of defense if
AV fails to detect it.

thanks,
-bipin


On 11/21/08, n3td3v <xploitable () gmail com> wrote:
---------- Forwarded message ----------
From: n3td3v <xploitable () gmail com>
Date: Fri, Nov 21, 2008 at 1:11 AM
Subject: Comment on: USB devices spreading viruses
To: n3td3v <n3td3v () googlegroups com>


by n3td3v November 20, 2008 5:08 PM PST

"Meanwhile, the U.S. Department of Defense has temporarily banned the
use of thumb drives, CDs, and other removable storage devices because
of the spread of the Agent.bzt virus..."

There is no security through obscurity.

http://news.cnet.com/8618-1009_3-10104496.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=5043948&tag=mncol;tback

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
x-no-archive: yes
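
The drive-letter scheme in the reply above (c:\*.* style rules on fixed drives, whole-drive rules such as a:\ on every other letter) is easy to leave incomplete when entered by hand. The following PowerShell audit is an added example, not part of the original post; it assumes Disallowed path rules are stored under the Safer\CodeIdentifiers policy key shown, one subkey per rule with the path in ItemData.

```powershell
# Added example (not from the original post): report, per drive letter, whether a
# Disallowed SRP path rule of the kind described in the post is present.
# Assumption: Disallowed path rules live under the key below, one subkey per rule,
# with the rule's path in the ItemData value.
$rulesKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

$rules = @()
if (Test-Path $rulesKey) {
    $rules = @(Get-ChildItem $rulesKey | ForEach-Object {
        (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ItemData
    } | Where-Object { $_ })
}

# Drive letters the OS currently reports as fixed disks (DriveType 3).
$fixed = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID.Substring(0, 1).ToUpper() })

$report = foreach ($code in 65..90) {
    $letter    = [string][char]$code
    $wholeRule = '^{0}:\\?$' -f $letter          # matches e.g. a:\
    $rootRule  = '^{0}:\\\*\.\*$' -f $letter     # matches e.g. c:\*.*
    $isFixed   = $fixed -contains $letter

    # -match against an array returns the matching rules; empty means no rule.
    $found = if     ($rules -match $wholeRule) { 'whole drive' }
             elseif ($rules -match $rootRule)  { 'root files only' }
             else                              { 'none' }

    # The post uses X:\*.* on fixed drives and X:\ on every other letter.
    $expected = if ($isFixed) { 'root files only' } else { 'whole drive' }

    [pscustomobject]@{
        Drive    = "${letter}:"
        Fixed    = $isFixed
        Rule     = $found
        Expected = $expected
        Gap      = ($found -ne $expected)
    }
}

# List only the letters whose rule differs from the scheme in the post.
$report | Where-Object Gap | Format-Table -AutoSize
```

An empty table means every letter from A to Z carries the rule the post prescribes for its drive type.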
