[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <cb7d6d2e0811210913s2ccfa9a2if7590a622b361c79@mail.gmail.com>
Date: Sat, 22 Nov 2008 01:13:36 +0800
From: "Salvador III Manaois" <badzmanaois@...il.com>
To: "Bipin Gautam" <bipin.gautam@...il.com>, full-disclosure@...ts.grok.org.uk
Cc: webmaster@...cert.gov
Subject: Re: Fwd: Comment on: USB devices spreading viruses
...or super-glue your USB ports.
SRP is one possible solution as mentioned by Bipin. Or only allow
signed scripts to run. Disable USB storage via group policy or through
third-party solutions like DeviceLock.
Or, (shameless plug alert) try this tweak (have it signed if your
environment only allows signed scripts to execute):
http://badzmanaois.blogspot.com/2008/09/disable-usb-storage-using-vbs-script_07.html
...badz...
Bytes & Badz: http://badzmanaois.blogspot.com
On Sat, Nov 22, 2008 at 12:57 AM, Bipin Gautam <bipin.gautam@...il.com> wrote:
> USB / FLOPPY are attractive means for virus/worm to propagate. Here is
> a workaround to stop a successful infection from happening (well ~99%
> of the time least)
>
> 1. if you dont use wscript.exe disable/rename it.
>
> 2. start menu > control pannel > administrative tools > local security
> policy >software restriction policy >additional rules
>
> say if c:\ d:\ and e:\ are your fixed drives then....
>
> right click additional rules > create path rule and create path rule
> [DISALLOWED AS]
>
> c:\*.*
> d:\*.*
> e:\*.*
>
> // why let anything to execute from root of fixed drives.
>
> for all other drives (removable/non existing) from a - z do as
> a:\
> b:\
> f:\
> g:\
> ........and so on. Why let anything execute from removable drive
> unless you are 100% sure the pendrive is clean and from a trusted
> source only.
>
> always have file extension and hidden/protected system file to "show
> by default" from folder option.
>
> well this is it. From a personal experience i assure the above should
> be the BEST solution for this problem and a extra layer of defense if
> AV fails to detect it.
>
> thanks,
> -bipin
>
>
> On 11/21/08, n3td3v <xploitable@...il.com> wrote:
>> ---------- Forwarded message ----------
>> From: n3td3v <xploitable@...il.com>
>> Date: Fri, Nov 21, 2008 at 1:11 AM
>> Subject: Comment on: USB devices spreading viruses
>> To: n3td3v <n3td3v@...glegroups.com>
>>
>>
>> by n3td3v November 20, 2008 5:08 PM PST
>>
>> "Meanwhile, the U.S. Department of Defense has temporarily banned the
>> use of thumb drives, CDs, and other removable storage devices because
>> of the spread of the Agent.bzt virus..."
>>
>> There is no security through obscurity.
>>
>> http://news.cnet.com/8618-1009_3-10104496.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=5043948&tag=mncol;tback
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> --
> x-no-archive: yes
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists