[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <79EDD069-9414-4EEA-BB6D-EF8E817632B2@bellsouth.net>
Date: Wed, 23 Sep 2009 18:19:59 -0400
From: Mary Landesman <marylande@...il.com>
To: full-disclosure@...ts.grok.org.uk,
Jeff Kell <jeff-kell@....edu>
Subject: Re: Dumb question: Is Windows box behind a router
safe ?
>
> The more appropriate question would be "Is a Windows box safe with a
> user behind it?" since today's threats require that you browse to the
> danger, or click an "OK" button first :-)
Shall we just ignore the thousands of variants of Virut which are
extremely prevalent? Virut is a file infecting virus combined with an
IRC backdoor. Or how about the Nirbot family, which is like Virut only
it includes RPC and LSASS exploits for additional means of
propagation. How about the ubiquitous autorun worms that propagate via
removable, fixed, and shared drives? How about those that are a
combination of all of the above?
As for "browse to the danger" do you mean open a browser window and
perform a search using your favorite search engine? Or browsing to
your favorite trusted news, sports, enterprise website that happens to
work with advertising networks that happened to be infiltrated by a
malicious ad run? Or browsing to any of the other millions of websites
which happened to be compromised via SQLi, stolen credentials, poorly
configured settings, or any number of means? All of the above are
viable means of malware exposure, simply by opening the browser.
The malware problem is not user-driven (nor is it Windows-specific).
-- Mary
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists