funsec mailing list archives
Re: Microsoft blames Vista insecurity on thirdparty applications
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 20 Dec 2006 17:51:30 -0800
Nick FitzGerald wrote:
> Did you find it because it triggered its payload?

Nah. There was no mechanism to execute the file, it would just collect them. It was an open share faked up to look like a Windows 9x C drive share.

There was some malware at the time that was scanning for open shares. If \windows\system32 existed, it would drop and try to modify win.ini or something. Then it would send ping-of-death type attacks to try to get the box to reboot, and therefore execute the code. So I was just picking up the files that got delivered, and checking them out.

I got a lot of Nimda. If the infected box attacking had both worms, one would connect to the open share, and then Nimda would run across the connected share, and drop itself too. I was researching Nimda not long before that too, so I had some quick tests that told me something was likely Nimda. I had something that wasn't quite right (Size? Can't remember), so I looked into it a bit more. It sorta looked like Nimda, but when I threw some virus scanners at it, they identified it as this BIOS killer. A couple said it was both.

So yeah, three pieces of malware cooperating to get something on my box. A little freaky.

Ryan

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.