echo: nthelp
to: Rich
from: Geo.
date: 2007-02-13 23:21:42
subject: Re: Writing a worm

From: "Geo." 

The assumption was powershell being on all machines would make the virus
writers happy, because then they could count on all the added capabilities
to be there should they decide one was handy. I did not mean that
installing powershell would reduce your security, I meant that including it
would.

Geo.

"Rich"  wrote in message news:45d27cd1{at}w3.nls.net...
   Either way you have to have your worm which would almost always be sent
as native code to create a new process which could be ftp.exe et al,
cmd.exe, or powershell.exe.  All the extra level of indirection gets you is
complexity.  All a dependency on powershell.exe gets you is a much smaller
number of potential targets.  It's simpler and probably smaller to use
native code.

Rich
  "Geo."  wrote in message news:45d27a83$3{at}w3.nls.net...
  So with Monad it's not like cmd, you have to start up some environment not
  use the default?

  Geo.

  "Rich"  wrote in message news:45d26fca$1{at}w3.nls.net...
     I understand.  With your example you would be better using native code to call ftp, tftp, or whatever instead of native code to call PowerShell and then have it call ftp, tftp, or whatever.

  Rich
    "Geo."  wrote in message news:45d26a23{at}w3.nls.net...
    The way you get in with a worm typically is by executing some simple code that then downloads the worm executable, sort of like a bootstrap operation. Things like scripting make it easier to do that stage one and get the download going.

    Granted, not always required, as an example sql server worm didn't need to use this technique, but most do. Certainly the latest NT worms, including the ones that hit NT4 machines, use this technique. They also use other handy stuff like ftp.exe or tftp.exe. The more capabilities, the easier it is to infect a system.

    That's why the old macs were considered so secure, there just wasn't much to work with. It's also why if linux gets much more popular the virus problem there will be far worse than anything we've seen on windows.

    Geo.

    "Rich"  wrote in message news:45d1e42e$1{at}w3.nls.net...
       That's what I meant by "bypass the user".  Makes no difference.

    Rich

      "Geo."  wrote in message news:45d19efa$2{at}w3.nls.net...
      Think worms, not trojans. No user required.

      Geo.

      "Rich"  wrote in message news:45d131f1$1{at}w3.nls.net...
         Why?  If you can fool or bypass the user to run a program you may as well run a native program.

      Rich
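A defender-side check for the stage-one bootstrap Geo describes above (a foothold process calling ftp.exe or tftp.exe to pull the real payload), added here as an example and not part of this thread; the Sysmon-style event layout, the parent-process list and the service-account list are assumptions to tune per environment.

```python
"""Detection sketch for the stage-one bootstrap Geo describes: a foothold process
launching a built-in transfer tool (ftp.exe / tftp.exe) to fetch the real payload.
Sample events are constructed Sysmon-style key="value" lines, not real records."""
import re

# Transfer tools the thread calls "handy stuff" for a worm's stage one.
TRANSFER_TOOLS = {"ftp.exe", "tftp.exe"}
# Network-facing service processes that never legitimately start a command-line
# transfer, and the accounts they run as (assumed lists; tune per environment).
SUSPICIOUS_PARENTS = {"sqlservr.exe", "svchost.exe", "w3wp.exe", "lsass.exe"}
SERVICE_ACCOUNTS = {"NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"}
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed events: an admin using tftp by hand, a benign launch, two service-spawned transfers.
SAMPLE_EVENTS = [
    'ParentImage="C:\\Windows\\explorer.exe" Image="C:\\Windows\\System32\\tftp.exe" User="CORP\\alice"',
    'ParentImage="C:\\Program Files\\MSSQL\\sqlservr.exe" Image="C:\\Windows\\System32\\tftp.exe" User="NT AUTHORITY\\SYSTEM"',
    'ParentImage="C:\\Windows\\System32\\cmd.exe" Image="C:\\Windows\\System32\\notepad.exe" User="CORP\\bob"',
    'ParentImage="C:\\Windows\\System32\\svchost.exe" Image="C:\\Windows\\System32\\ftp.exe" User="NT AUTHORITY\\NETWORK SERVICE"',
]

def parse_event(line):
    """Turn 'Key="value" Key2="value"' into a dict of field name to value."""
    return dict(FIELD_RE.findall(line))

def basename(path):
    """Last path component, lower-cased, so install paths do not matter."""
    return path.rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Reasons an event looks like stage-one activity; an empty list means benign."""
    reasons = []
    child = basename(ev.get("Image", ""))
    if child not in TRANSFER_TOOLS:
        return reasons  # not a transfer tool: out of scope for this rule
    parent = basename(ev.get("ParentImage", ""))
    if parent in SUSPICIOUS_PARENTS:
        reasons.append(f"{child} spawned by service process {parent}")
    if ev.get("User", "") in SERVICE_ACCOUNTS:
        reasons.append(f"{child} running as {ev['User']}")
    return reasons

def find_alerts(lines):
    """(index, reasons) for each event with at least one reason; interactive use is left alone."""
    alerts = []
    for i, line in enumerate(lines):
        reasons = score_event(parse_event(line))
        if reasons:
            alerts.append((i, reasons))
    return alerts
```

Interactive use by a logged-on admin (event 0) is deliberately not flagged; the rule keys on who the parent is and which account the tool runs as, which is what separates a worm's bootstrap from a hand-typed transfer.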

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)

SOURCE: echomail via fidonet.ozzmosis.com
