TalkBack 5 of 19:
Here is the orifice:
From www.cert.org
[ http://www.cert.org/incident_notes/IN-2003-03.html ]

``The worm requires a user to execute the malicious attachment either manually or by using an email client that will open the attachment automatically.

Upon successful execution, the worm installs itself as C:\%windir%\winppr.exe and also creates the file C:\%windir%\winstt32.dat. An entry is also added to the Run registry key so that this executable will be run upon system restart. The key installed in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run is ScanX with the value "c:\winnt\winppr.exe /sinc".

The program then proceeds to scan files with certain extensions (htm, html, dbx, hlp, mht, txt, wab) on the compromised system for valid email addresses, and it uses an internal SMTP engine to email itself to those addresses.''


In Unix/Linux, the user cannot modify system directories / files at his whim. Only the superuser or privileged accounts may execute certain management code, let alone writing in system directories.

Plus on a PC where the 'owner' is the administrator there is NO restriction as to what can be executed and what types of network packets can be put together and sent out. That is, it makes it SO EASY to usurp a PC and then start hacking into other machines that are accessible.

Under Unix/Linux only the root user or the kernel can do this. So even if one can manage to run foreign code stealthily masquerading as a legitimate user, the destruction is STILL limited to that user's data.

cheers -m
Posted by: michael-t   Posted on: 12/09/03
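The CERT note quoted in the post names three host artifacts: the Run value ScanX, the image winppr.exe and the data file winstt32.dat. The following is an added example, not part of the original post or of the CERT note, that checks `reg query` output and a Windows-directory listing for them; the four-space `reg query` layout, the function names and the sample data are assumptions constructed for illustration.

```python
"""Check Run-key entries and a Windows-directory listing against the
indicators quoted from CERT IN-2003-03 in the post above."""
import ntpath
import re

# Indicators taken from the CERT text quoted in the post.
RUN_VALUE_NAME = "scanx"
WORM_IMAGE = "winppr.exe"
WORM_FILES = {"winppr.exe", "winstt32.dat"}

# Assumed layout of one `reg query` value line: name, type, data, 4 spaces apart.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Executable path at the start of a command line, quoted or not.
IMAGE_PATH = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)

def parse_run_key(reg_query_output):
    """Return [(value_name, command_line)] parsed from `reg query` text."""
    entries = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            entries.append((m.group("name"), m.group("data").strip()))
    return entries

def suspicious_run_entries(entries):
    """Flag entries whose value name OR image name matches the indicators,
    so a renamed value that still starts winppr.exe is also caught."""
    hits = []
    for name, command in entries:
        m = IMAGE_PATH.match(command)
        image = ntpath.basename(m.group("path")).lower() if m else ""
        if name.lower() == RUN_VALUE_NAME or image == WORM_IMAGE:
            hits.append((name, command))
    return hits

def dropped_files(windir_listing):
    """Return the indicator file names present in a Windows-directory listing."""
    return sorted(f for f in windir_listing if f.lower() in WORM_FILES)

# Constructed sample input (not captured from a real host).
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ScanX    REG_SZ    c:\winnt\winppr.exe /sinc
    Updater    REG_SZ    "C:\Program Files\Example\update.exe" /background
    PrintHelper    REG_SZ    C:\WINNT\WINPPR.EXE
"""
SAMPLE_WINDIR = ["explorer.exe", "notepad.exe", "winppr.exe", "winstt32.dat"]

if __name__ == "__main__":
    for name, command in suspicious_run_entries(parse_run_key(SAMPLE_REG_OUTPUT)):
        print(f"Run entry {name!r} -> {command}")
    print("Dropped files:", dropped_files(SAMPLE_WINDIR))
```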
