From: edward on 19 May 2010 22:39

I can see a virus getting in the shared folder by adding a file or maybe
editing a file already there, but how would it get run?
Windows XP and Vista, latest SPs, automatic Windows updates.
Only one folder is shared: c:\share\.
The PC Tools firewall is blocking the laptop except when I need to transfer
files.
Was really wondering though what the infection risk is.
The only thing I can think of for automatic execution is an exploit.

Any info would be nice, thank you.
From: David H. Lipman on 19 May 2010 23:55

From: "edward" <trekie122(a)lavabit.com>

| I can see a virus getting in the shared folder by adding a file or maybe
| editing a files already there but how would it get run.
| windows xp and vista latest sp's auto windows update's.
| only one folder is shared c:\share\.
| the pctool's firewall is blocking the laptop except when I need to transfer
| files.
| was really wondering though what the infection risk is.
| the only thing I can think of for automatic execution is an exploit.

| any info would be nice thank you.

Bots (RBot, GAOBot, etc.) and viruses usually exploit weak passwords with
dictionary attacks. That is, they use a list of well-known BAD passwords such
as: admin and password.

Look at the logs and see if there are numerous bad attempts to access a share.

If you are sharing a folder, make sure that you use strong passwords such as
8~10 characters with a good mix of uppercase, lowercase, numbers and special
characters.

Also, they will attack administrative shares such as IPC$ and C$. Make sure
the administrator account is locked down with a strong password.

Once they are in a system they can replace files with malware and thus infect
the computer. Once infected, that computer will too use worm methodologies to
infect other computers.

Exploitation is another matter. For example, the Lovsan/Blaster worm exploited
a buffer overflow in TCP port 135 and RPC/DCOM to infect computers. The Sasser
worm exploited a buffer overflow in TCP port 445 and LSASS to infect computers.

Viruses that use network protocols to spread and infect other computers are
Internet worms.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
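The log check suggested in the reply above, as an added example that is not part of the original thread: it counts failed network logons per source inside a sliding time window, using event ID 529 (XP logon failure) and 4625 (Vista and later). The CSV layout, column names, addresses and account names are constructed for this example and are not a real Windows export format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: simplified Security-log records. The column names are
# assumptions made for this example, not a format Windows produces.
SAMPLE_LOG = """\
time,event_id,logon_type,account,source
2010-05-19 21:58:40,540,3,laptopuser,192.0.2.20
2010-05-19 22:01:02,529,3,admin,192.0.2.10
2010-05-19 22:01:03,529,3,admin,192.0.2.10
2010-05-19 22:01:04,529,3,Administrator,192.0.2.10
2010-05-19 22:01:05,529,3,Administrator,192.0.2.10
2010-05-19 22:01:07,529,3,guest,192.0.2.10
2010-05-19 22:01:08,529,3,admin,192.0.2.10
2010-05-19 22:15:30,529,3,laptopuser,192.0.2.20
2010-05-19 23:40:11,529,3,laptopuser,192.0.2.20
2010-05-19 23:41:00,529,2,laptopuser,
"""

# 529 = logon failure, bad user name or password (XP); 4625 = failed logon (Vista+).
FAILED_LOGON_IDS = {"529", "4625"}
NETWORK_LOGON = "3"  # logon type 3 = network logon, e.g. connecting to a share


def flag_sources(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source: account names tried} for every source with at least
    `threshold` failed network logons inside one `window`."""
    by_source = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event_id"] in FAILED_LOGON_IDS and row["logon_type"] == NETWORK_LOGON:
            when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
            by_source[row["source"]].append((when, row["account"].lower()))
    flagged = {}
    for source, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures that fell out of the window
            if end - start + 1 >= threshold:
                flagged[source] = sorted({name for _, name in events})
                break
    return flagged
```

A burst against several common account names from one source is the dictionary-attack pattern described above; two mistyped passwords an hour apart from the laptop stay below the default threshold.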
From: "FromTheRafters" erratic on 20 May 2010 06:27

"edward" <trekie122(a)lavabit.com> wrote in message
news:8B9F50C0-3416-4037-90D0-F38C3D304232(a)microsoft.com...

> I can see a virus getting in the shared folder by adding a file or maybe
> editing a files already there but how would it get run.
> windows xp and vista latest sp's auto windows update's.
> only one folder is shared c:\share\.
> the pctool's firewall is blocking the laptop except when I need to transfer
> files.
> was really wondering though what the infection risk is.
> the only thing I can think of for automatic execution is an exploit.
>
> any info would be nice thank you.

A virus doesn't require autoexecution of its replicant, that is more a feature
of a true worm. As you mentioned, if a program file can be edited to include a
viral function (becomes a virus through infection), then it can just wait until
the program *eventually* gets executed.

Programs that self-replicate but don't "infect" and also don't autoexecute are
also considered worms (self-contained malware rather than being "hosted" by a
program) but are not "true worms" which always autoexecute.
From: edward on 25 May 2010 22:55

OK, have XP Home fully patched.
One account, admin, no password.
No other accounts that I know of.
PC Tools firewall, NAV 2010 and ThreatFire.
The firewall is blocking all inbound except when I set it to allow the
laptop to connect.
The only folder set for share is c:\share\.
Laptop can write to it.
XP is fully patched. Are there any known exploits for a virus to install on
the machine silently,
excluding adding a file to c:\share\ and me running it?
From: David H. Lipman on 25 May 2010 23:26

From: "edward" <trekie122(a)lavabit.com>

| ok have xp home fully patched.
| one account admin no password
| no other accounts that I know of.
| pctools firewall nav 2010 and threatfire.
| the firewall is blocking all inbound except when I set it to allow the
| laptop to connect.
| the only folder set for share is c:\share\
| laptop can write to it.
| xp is fully patched are there any known exploit's for a virus to install on
| the machine silently.
| excluding adding a file to c:\share\ and me running it.

and... ?

Is there a question in that ?

Are you asking how screwed you can be with "one account admin no password" ?

If yes... quite screwed !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp