Full Disclosure mailing list archives

Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses


From: "Exibar" <exibar () thelair com>
Date: Sat, 22 Nov 2008 14:07:07 -0500

Wow, disabling files from running from the root of all drives would never, ever
fly in a corporate environment.  Although I do like the idea of stopping
autorun malware, it would work... but oh the calls to the helpdesk! ;-)

Simply disabling autorun is a much better solution.

  Exibar

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Bipin Gautam
Sent: Friday, November 21, 2008 11:58 AM
To: n3td3v
Cc: full-disclosure () lists grok org uk; webmaster () us-cert gov
Subject: [inbox] Re: [Full-disclosure] Fwd: Comment on: USB devices
spreading viruses

USB / FLOPPY are attractive means for viruses/worms to propagate. Here is
a workaround to stop a successful infection from happening (well ~99%
of the time at least)

1. if you don't use wscript.exe, disable/rename it.

2. start menu > control panel > administrative tools > local security
policy > software restriction policy > additional rules

say if c:\ d:\ and e:\ are your fixed drives then....

right click additional rules > create path rule and create path rule
[DISALLOWED AS]

c:\*.*
d:\*.*
e:\*.*

// why let anything execute from root of fixed drives.

for all other drives (removable/non existing) from a - z do as
a:\
b:\
f:\
g:\
........and so on. Why let anything execute from removable drive
unless you are 100% sure the pendrive is clean and from a trusted
source only.

always have file extension and hidden/protected system file to "show
by default" from folder option.

well this is it. From personal experience I assure the above should
be the BEST solution for this problem and an extra layer of defense if
AV fails to detect it.

thanks,
-bipin


On 11/21/08, n3td3v <xploitable () gmail com> wrote:
---------- Forwarded message ----------
From: n3td3v <xploitable () gmail com>
Date: Fri, Nov 21, 2008 at 1:11 AM
Subject: Comment on: USB devices spreading viruses
To: n3td3v <n3td3v () googlegroups com>


by n3td3v November 20, 2008 5:08 PM PST

"Meanwhile, the U.S. Department of Defense has temporarily banned the
use of thumb drives, CDs, and other removable storage devices because
of the spread of the Agent.bzt virus..."

There is no security through obscurity.


http://news.cnet.com/8618-1009_3-10104496.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=5043948&tag=mncol;tback

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
x-no-archive: yes
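
Added example, not part of any message in this thread: a Python audit of a drive-root listing that reports the two things the messages above aim to stop, launchable files sitting in the root and programs named by an autorun.inf. The function names, the extension list and the sample data are assumptions made for this example; the keys checked (open, shellexecute, shell\<verb>\command) are the standard [autorun] launch entries.

```python
from pathlib import PureWindowsPath

# Assumption: a short list of launchable file types, chosen for this example.
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
# [autorun] keys that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_commands(inf_text):
    """Return {key: command} for launch entries in an autorun.inf body."""
    found, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        # Skip other sections, comments and junk lines without '='.
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found[key] = value
    return found

def root_findings(drive, names, inf_text=""):
    """Flag launchable files and autorun entries in the root of `drive`."""
    findings = []
    for name in names:
        if name.lower() == "autorun.inf":
            for key, cmd in autorun_commands(inf_text).items():
                findings.append((drive + name, "autorun %s -> %s" % (key, cmd)))
        elif PureWindowsPath(name).suffix.lower() in EXEC_EXTS:
            findings.append((drive + name, "executable in drive root"))
    return findings

# Constructed sample data, not taken from a real device.
SAMPLE_INF = """; constructed sample
[AutoRun]
open=setup.exe
icon=folder.ico
shell\\explore\\command=setup.exe /q
junk line without equals
[Other]
open=ignored.exe
"""
SAMPLE_ROOT = ["autorun.inf", "setup.exe", "notes.txt", "Photos.scr"]

if __name__ == "__main__":
    for path, reason in root_findings("E:\\", SAMPLE_ROOT, SAMPLE_INF):
        print(path, "-", reason)
```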
