lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 21 Nov 2008 22:42:53 +0545
From: "Bipin Gautam" <bipin.gautam@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, webmaster@...cert.gov
Subject: Re: Fwd: Comment on: USB devices spreading viruses

USB / FLOPPY are attractive means for virus/worm to propagate. Here is
a workaround to stop a successful infection from happening (well ~99%
of the time least)

1. if you dont use wscript.exe disable/rename it.

2. start menu > control pannel > administrative tools > local security
policy >software restriction policy >additional rules

say if c:\ d:\ and e:\ are your fixed drives then....

right click additional rules > create path rule and create path rule
[DISALLOWED AS]

c:\*.*
d:\*.*
e:\*.*

// why let anything to execute from root of fixed drives.

for all other drives (removable/non existing) from a - z do as
a:\
b:\
f:\
g:\
........and so on. Why let anything execute from removable drive
unless you are 100% sure the pendrive is clean and from a trusted
source only.

always have file extension and hidden/protected system file to "show
by default" from folder option.

well this is it. From a personal experience i assure the above should
be the BEST solution for this problem and a extra layer of defense if
AV fails to detect it.

thanks,
-bipin


On 11/21/08, n3td3v <xploitable@...il.com> wrote:
> ---------- Forwarded message ----------
> From: n3td3v <xploitable@...il.com>
> Date: Fri, Nov 21, 2008 at 1:11 AM
> Subject: Comment on: USB devices spreading viruses
> To: n3td3v <n3td3v@...glegroups.com>
>
>
> by n3td3v November 20, 2008 5:08 PM PST
>
> "Meanwhile, the U.S. Department of Defense has temporarily banned the
> use of thumb drives, CDs, and other removable storage devices because
> of the spread of the Agent.bzt virus..."
>
> There is no security through obscurity.
>
> http://news.cnet.com/8618-1009_3-10104496.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=5043948&tag=mncol;tback
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
x-no-archive: yes

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ