
Re: [Full-Disclosure] Removing ShKit Root Kit




Jason wrote:
>> OK, so how does the attacker get the ADS to run? If you open something.txt in notepad, it doesn't launch the ADS 'trouble.exe' as an executable file. It's ignored.
>
> The easy answer is start a command prompt and type
>
> start something.txt:trouble.exe

You totally missed my point. If the hacker can run "start" anything on your system, it's game over anyway.


--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota


"There are 10 types of people in this world. Those who understand binary and those who don't."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html