Full Disclosure mailing list archives
Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses
From: "Exibar" <exibar () thelair com>
Date: Sat, 22 Nov 2008 14:07:07 -0500
Wow, disabling files to run from the root of all drives would never, ever fly in a corporate environment. Although I do like the idea on stopping autorun malware, it would work... but oh the calls to the helpdesk! ;-)

Simply disabling autorun is a much better solution.

Exibar

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Bipin Gautam
Sent: Friday, November 21, 2008 11:58 AM
To: n3td3v
Cc: full-disclosure () lists grok org uk; webmaster () us-cert gov
Subject: [inbox] Re: [Full-disclosure] Fwd: Comment on: USB devices spreading viruses

USB / FLOPPY are attractive means for virus/worm to propagate. Here is a workaround to stop a successful infection from happening (well ~99% of the time at least)

1. if you don't use wscript.exe disable/rename it.
2. start menu > control panel > administrative tools > local security policy > software restriction policy > additional rules

say if c:\ d:\ and e:\ are your fixed drives then.... right click additional rules > create path rule and create path rule [DISALLOWED AS]

c:\*.*
d:\*.*
e:\*.*
// why let anything to execute from root of fixed drives.

for all other drives (removable/non existing) from a - z do as

a:\
b:\
f:\
g:\
........and so on.

Why let anything execute from removable drive unless you are 100% sure the pendrive is clean and from a trusted source only.

always have file extension and hidden/protected system file to "show by default" from folder option.

well this is it. From a personal experience I assure the above should be the BEST solution for this problem and an extra layer of defense if AV fails to detect it.

thanks,
-bipin

On 11/21/08, n3td3v <xploitable () gmail com> wrote:
---------- Forwarded message ----------
From: n3td3v <xploitable () gmail com>
Date: Fri, Nov 21, 2008 at 1:11 AM
Subject: Comment on: USB devices spreading viruses
To: n3td3v <n3td3v () googlegroups com>

by n3td3v November 20, 2008 5:08 PM PST

"Meanwhile, the U.S. Department of Defense has temporarily banned the use of thumb drives, CDs, and other removable storage devices because of the spread of the Agent.bzt virus..."

There is no security through obscurity.

http://news.cnet.com/8618-1009_3-10104496.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=5043948&tag=mncol;tback
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
--
x-no-archive: yes
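
The reply above prefers disabling autorun over path rules. As an added example (not part of the original thread), this PowerShell audit decodes the NoDriveTypeAutoRun policy value to show which drive types still have AutoRun enabled; the function names are hypothetical, while the registry value and its bit flags are the standard Windows Explorer policy settings.

```powershell
# Added example: audit the AutoRun policy (NoDriveTypeAutoRun) on this machine.
# Function names are hypothetical; the registry value and bit flags are the
# standard Explorer policy settings.

$DriveTypeBits = [ordered]@{
    'Unknown'        = 0x01
    'No root dir'    = 0x02
    'Removable'      = 0x04
    'Fixed'          = 0x08
    'Network'        = 0x10
    'CD-ROM'         = 0x20
    'RAM disk'       = 0x40
    'Reserved/other' = 0x80
}

function Get-AutoRunEnabledTypes {
    param([int]$Mask)
    # A set bit DISABLES AutoRun for that drive type, so report the cleared bits.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

function Get-AutoRunPolicy {
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM', 'HKCU') {
        $item = Get-ItemProperty -Path "${hive}:\$sub" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            [pscustomobject]@{ Hive = $hive; Mask = $null; StillEnabled = 'value not set (OS default applies)' }
            continue
        }
        $mask    = [int]$item.NoDriveTypeAutoRun
        $enabled = @(Get-AutoRunEnabledTypes -Mask $mask)
        [pscustomobject]@{
            Hive         = $hive
            Mask         = '0x{0:X2}' -f $mask
            StillEnabled = if ($enabled) { $enabled -join ', ' } else { 'none' }
        }
    }
}

Get-AutoRunPolicy | Format-Table -AutoSize

# To disable AutoRun for every drive type machine-wide (run elevated):
# Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
```

When the value is set under HKLM, Windows ignores the per-user HKCU value, so the HKLM row is the one that matters on a managed machine.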
Current thread:
- Fwd: Comment on: USB devices spreading viruses n3td3v (Nov 20)
- Re: Fwd: Comment on: USB devices spreading viruses Bipin Gautam (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses Salvador III Manaois (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses n3td3v (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses Valdis . Kletnieks (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses disco jonny (Nov 23)
- Re: Fwd: Comment on: USB devices spreading viruses Ureleet (Nov 23)
- Re: Fwd: Comment on: USB devices spreading viruses Salvador III Manaois (Nov 21)
- Re: Fwd: Comment on: USB devices spreading viruses Bipin Gautam (Nov 21)
- Re: [inbox] Re: Fwd: Comment on: USB devices spreading viruses Exibar (Nov 22)