Penetration Testing mailing list archives
Re: --++[Preventing the spread of USB malware]++--
From: Shreyas Zare <shreyas () technitium com>
Date: Wed, 15 Apr 2009 20:28:06 +0530
Hi,

That's true if the trusted machine is really infected. The SYSTEM user not being present in the permissions makes processes running as SYSTEM unable to write to the drive. This helps to some extent with malware running as SYSTEM.

Also, using an AD user for this purpose is not a good idea. Only a local machine user should be used, since if you log on to an infected machine with an AD user and put the drive in, it would definitely get infected and the method fails.

Generally, malware is not coded to change file permissions, and so this method thwarts the most common threats (in general).

Regards,

On Wed, Apr 15, 2009 at 8:03 PM, Irrational Pi <pinowudi () gmail com> wrote:
> This is an elegant solution for userland malware trying to dump to a USB without permission checks. It will fail for malware that crosses into kernel territory for the purpose of infecting all users of a machine. Sadly these are becoming more common. This would invalidate the solution based on your "only my trusted machine users" assumption. All users would be compromised on the machine, even the 'trusted' ones.
--
("Computers have a strange habit of doing what you say, not what you mean." - SANS Top 25 Most Dangerous Programming Errors)
Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com
..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com
Join Sci-Tech News group and get the latest science & technology news in your inbox. Visit http://tech.groups.yahoo.com/group/sci-tech-news to join.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
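The ACL scheme discussed in this thread (a single local account allowed on the USB volume, with SYSTEM, Administrators and Everyone absent from the DACL), written out as an added PowerShell example; this is not code posted by anyone in the thread. It assumes the stick is mounted as E:, is formatted NTFS (FAT/exFAT volumes carry no ACLs at all, so the approach cannot apply there), that a local account named usbuser already exists on the trusted machine, and that the script runs from an elevated session. The drive letter, account name and function names are illustrative choices.

```powershell
# Added example, not from the thread. Assumptions: volume E:, NTFS-formatted,
# local account 'usbuser' already created, run elevated on the trusted machine.
$Drive     = 'E:\'
$LocalUser = "$env:COMPUTERNAME\usbuser"   # local account only, never a domain one

function Assert-NtfsVolume {
    param([string]$Root)
    # Only NTFS has a DACL; FAT32/exFAT sticks cannot be locked down this way.
    $info = New-Object System.IO.DriveInfo($Root.Substring(0, 2))
    if ($info.DriveFormat -ne 'NTFS') {
        throw "$Root is $($info.DriveFormat); only NTFS volumes carry ACLs."
    }
}

function Set-UsbLocalUserOnlyAcl {
    param([string]$Root, [string]$Identity)
    $acl = Get-Acl -Path $Root
    # Stop inheriting and discard (not copy) the inherited ACEs, which is where
    # the default SYSTEM / Administrators / Everyone entries come from.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove every remaining explicit ACE so nothing but our rule survives.
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
    # One ACE: the local user, Full Control, inherited by all new folders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Root -AclObject $acl
}

function Reset-ChildrenToInherit {
    param([string]$Root)
    # Files already on the stick keep their old explicit ACEs; strip those and
    # let them inherit the new root DACL. Unreadable system folders are skipped.
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $childAcl = Get-Acl -Path $_.FullName
        $childAcl.SetAccessRuleProtection($false, $false)
        foreach ($ace in @($childAcl.Access)) {
            if (-not $ace.IsInherited) { [void]$childAcl.RemoveAccessRule($ace) }
        }
        Set-Acl -Path $_.FullName -AclObject $childAcl
    }
}

function Test-UsbAcl {
    param([string]$Root, [string]$Identity)
    # The check a practitioner wants before trusting the stick: exactly one ACE,
    # it is an Allow for the local user, and none of the well-known principals remain.
    $aces = @((Get-Acl -Path $Root).Access)
    $forbidden = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'Everyone', 'BUILTIN\Users')
    $leftover = $aces | Where-Object { $forbidden -contains $_.IdentityReference.Value }
    $userAce  = $aces | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and $_.AccessControlType -eq 'Allow'
    }
    return (-not $leftover) -and ($null -ne $userAce) -and ($aces.Count -eq 1)
}

Assert-NtfsVolume -Root $Drive
Set-UsbLocalUserOnlyAcl -Root $Drive -Identity $LocalUser
Reset-ChildrenToInherit -Root $Drive
if (-not (Test-UsbAcl -Root $Drive -Identity $LocalUser)) {
    throw "ACL on $Drive does not match the expected single-user layout"
}
(Get-Acl -Path $Drive).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
```

Two things to keep in mind when using this. First, the account must be a local one, as Shreyas says: a domain account that has logged on to an infected machine is itself a subject that machine's malware can impersonate. Second, the DACL is only an obstacle to code that honours it; any process holding SeTakeOwnershipPrivilege or SeRestorePrivilege (SYSTEM and members of Administrators by default) can take ownership of the root and rewrite the ACL, and a kernel-mode component can bypass the access check entirely, which is the failure mode Irrational Pi raises above. Treat the scheme as a filter for ordinary userland droppers, not as a boundary.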
Current thread:
- Re: Botnets, (continued)
- Re: Botnets M.D.Mufambisi (Apr 03)
- Re: Botnets Renaud Bidou (Apr 03)
- Re: Botnets R. DuFresne (Apr 03)
- Re: Botnets Aarón Mizrachi (Apr 03)
- Message not available
- Re: Botnets Aarón Mizrachi (Apr 14)
- --++[Preventing the spread of USB malware]++-- Marcus Vinicius (Apr 14)
- Re: --++[Preventing the spread of USB malware]++-- Shreyas Zare (Apr 14)
- Re: --++[Preventing the spread of USB malware]++-- Nathan Sportsman (Apr 15)
- Message not available
- Re: --++[Preventing the spread of USB malware]++-- Marcus Vinicius (Apr 15)
- Message not available
- Re: --++[Preventing the spread of USB malware]++-- Marcus Vinicius (Apr 15)
- Re: Botnets Aarón Mizrachi (Apr 03)
- Message not available
- Re: --++[Preventing the spread of USB malware]++-- Shreyas Zare (Apr 15)
- Message not available
- Re: --++[Preventing the spread of USB malware]++-- Shreyas Zare (Apr 16)
- Re: --++[Preventing the spread of USB malware]++-- Razi Shaban (Apr 14)
- Re: Botnets R. DuFresne (Apr 14)