Full Disclosure mailing list archives
Re: Fwd: Comment on: USB devices spreading viruses
From: "Salvador III Manaois" <badzmanaois () gmail com>
Date: Sat, 22 Nov 2008 01:13:36 +0800
...or super-glue your USB ports. SRP is one possible solution as mentioned by Bipin. Or only allow signed scripts to run. Disable USB storage via group policy or through third-party solutions like DeviceLock. Or, (shameless plug alert) try this tweak (have it signed if your environment only allows signed scripts to execute): http://badzmanaois.blogspot.com/2008/09/disable-usb-storage-using-vbs-script_07.html ...badz... Bytes & Badz: http://badzmanaois.blogspot.com On Sat, Nov 22, 2008 at 12:57 AM, Bipin Gautam <bipin.gautam () gmail com> wrote:
USB / FLOPPY are attractive means for virus/worm to propagate. Here is a workaround to stop a successful infection from happening (well ~99% of the time least) 1. if you dont use wscript.exe disable/rename it. 2. start menu > control pannel > administrative tools > local security policy >software restriction policy >additional rules say if c:\ d:\ and e:\ are your fixed drives then.... right click additional rules > create path rule and create path rule [DISALLOWED AS] c:\*.* d:\*.* e:\*.* // why let anything to execute from root of fixed drives. for all other drives (removable/non existing) from a - z do as a:\ b:\ f:\ g:\ ........and so on. Why let anything execute from removable drive unless you are 100% sure the pendrive is clean and from a trusted source only. always have file extension and hidden/protected system file to "show by default" from folder option. well this is it. From a personal experience i assure the above should be the BEST solution for this problem and a extra layer of defense if AV fails to detect it. thanks, -bipin On 11/21/08, n3td3v <xploitable () gmail com> wrote:---------- Forwarded message ---------- From: n3td3v <xploitable () gmail com> Date: Fri, Nov 21, 2008 at 1:11 AM Subject: Comment on: USB devices spreading viruses To: n3td3v <n3td3v () googlegroups com> by n3td3v November 20, 2008 5:08 PM PST "Meanwhile, the U.S. Department of Defense has temporarily banned the use of thumb drives, CDs, and other removable storage devices because of the spread of the Agent.bzt virus..." There is no security through obscurity. http://news.cnet.com/8618-1009_3-10104496.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=5043948&tag=mncol;tback _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- x-no-archive: yes _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Fwd: Comment on: USB devices spreading viruses n3td3v (Nov 20)
- Re: Fwd: Comment on: USB devices spreading viruses Bipin Gautam (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses Salvador III Manaois (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses n3td3v (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses Valdis . Kletnieks (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses disco jonny (Nov 23)
- Re: Fwd: Comment on: USB devices spreading viruses Ureleet (Nov 23)
- Re: Fwd: Comment on: USB devices spreading viruses Salvador III Manaois (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses Bipin Gautam (Nov 21)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses Exibar (Nov 22)