Full Disclosure mailing list archives
Re: Re: pnp worm unknown variant - postinfectionactions
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Wed, 17 Aug 2005 01:02:07 -0700
Aditya Deshmukh wrote:suppose we have VNC installed and that is used to take control of the computer and the actions show up as done by the user - would it not be caught by law enforcement ?What about Metasploit, which will gladly inject a RAM-only WinVNC server and give complete remote control without "installing" WinVNC anywhere on the hard drive? If your Windows box gets owned by such a thing, and you end up accused of the crimes that the attacker committed while they were in control of your box, you can kiss your ass goodbye.
exactly 100% correct, not to mention this defense will destroy a prosecution in front of a jury of people that can think for themselves, and an expert witness to properly diagram the attack vector / scenario. bravo, mw _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: pnp worm unknown variant - post infection actions Morning Wood (Aug 16)
- RE: Re: pnp worm unknown variant - post infectionactions frac (Aug 16)
- Re: Re: pnp worm unknown variant - post infection actions Jason Coombs (Aug 16)
- Re: Re: pnp worm unknown variant - post infection actions Nick FitzGerald (Aug 16)
- Re: Re: pnp worm unknown variant - post infection actions Jason Coombs (Aug 16)
- Re: Re: pnp worm unknown variant - post infection actions Nick FitzGerald (Aug 16)
- RE: Re: pnp worm unknown variant - post infectionactions Aditya Deshmukh (Aug 17)
- Re: Re: pnp worm unknown variant - post infection actions Nick FitzGerald (Aug 16)
- RE: Re: pnp worm unknown variant - post infectionactions Aditya Deshmukh (Aug 17)
- Re: Re: pnp worm unknown variant - post infectionactions Jason Coombs (Aug 17)
- Re: Re: pnp worm unknown variant - postinfectionactions Morning Wood (Aug 17)
- Re: Re: pnp worm unknown variant - postinfectionactions Valdis . Kletnieks (Aug 17)