Full Disclosure mailing list archives

Re: Re: pnp worm unknown variant - postinfectionactions


From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Wed, 17 Aug 2005 01:02:07 -0700

Aditya Deshmukh wrote:
suppose we have VNC installed and that is used to take control of the
computer and the actions show up as done by the user - would it not be
caught by law enforcement?


What about Metasploit, which will gladly inject a RAM-only WinVNC server
and give complete remote control without "installing" WinVNC anywhere on
the hard drive?

If your Windows box gets owned by such a thing, and you end up accused
of the crimes that the attacker committed while they were in control of
your box, you can kiss your ass goodbye.

exactly 100% correct, not to mention this defense will destroy a
prosecution in front of a jury of people that can think for themselves,
and an expert witness to properly diagram the attack vector / scenario.

bravo,
mw




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

