Re: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1933 - 20

[Barry Fitzgerald <bkfsec@xxxxxxxxxxxxxxxx>]

Geo. wrote:

> > > far-fetched.  Would it be possible to create a jpeg that would copy
> > >      
> itself to other drives on a shared network in an auto-executable
> position?  I suppose so... however, it would be noisy and probably
> wouldn't be amazingly successful.<<
>
> Picture a company full of users and a worm that copys the jpg file to
> \\machinename\c$\Documents and Settings\All Users\Desktop
>
> you think it might get a few clicks, especially if it had a harmeless yet
> tempting name like saturn.jpg
>
> Geo.
>
>  
I could think of even worse places to put it. 

Of course, some companies would fall victim to this, but in an even 
remotely secured network domain, you'd probably have to compromise a 
domain admin's system and try to spread on shares via that login.

         -Barry

p.s.  By making the inherent assumption here that admins would be less 
likely to get infected with this than average users and that the average 
network is even remotely secured, I'm probably (definately?) giving 
corporate networks more slack than they deserve.   Referring to this 
attack vector as "wouldn't be amazingly successful" is probably wildly 
optimistic on my part.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html