| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: Writing a worm |
From: "Rich"
This is a multi-part message in MIME format.
------=_NextPart_000_02FA_01C74FB0.CB5B38A0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
There is nothing that native code couldn't do. In other words, there =
are no additional capabilities. What fraction of recent worms have used =
cmd.exe on Windows or one of the shells on linux/unix?
Rich
"Geo." wrote in message =
news:45d28fda$1{at}w3.nls.net...
The assumption was powershell being on all machines would make the =
virus=20
writers happy, because then they could count on all the added =
capabilities=20
to be there should they decide one was handy. I did not mean that =
installing=20
powershell would reduce your security, I meant that including it =
would.
Geo.
"Rich" wrote in message news:45d27cd1{at}w3.nls.net...
Either way you have to have your worm which would almost always be =
sent=20
as native code to create a new process which could be ftp.exe et al,=20
cmd.exe, or powershell.exe. All the extra level of indirection gets =
you is=20
complexity. All a dependency on powershell.exe gets you is a much =
smaller=20
number of potential targets. It's simpler and probably smaller to use =
native code.
Rich
"Geo." wrote in message =
news:45d27a83$3{at}w3.nls.net...
So with Monad it's not like cmd, you have to start up some =
environment not
use the default?
Geo.
"Rich" wrote in message news:45d26fca$1{at}w3.nls.net...
I understand. With your example you would be better using native =
code=20
to
call ftp, tftp, or whatever instead of native code to call =
PowerShell and
then have it call ftp, tftp, or whatever.
Rich
"Geo." wrote in message =
news:45d26a23{at}w3.nls.net...
The way you get in with a worm typically is by executing some =
simple=20
code
that then downloads the worm executable, sort of like a bootstrap
operation.
Things like scripting make it easier to do that stage one and get =
the
download going.
Granted, not always required as an example sql server worm didn't =
need=20
to
use this technique, but most do. Certainly the latest NT worms =
including
the
ones that hit NT4 machines use this technique. They also use other =
handy
stuff like ftp.exe or tftp.exe. The more capabilities the easier =
it is=20
to
infect a system.
That's why the old macs were considered so secure, there just =
wasn't=20
much
to
work with. It's also why if linux gets much more popular the virus =
problem
there will be far worse than anything we've seen on windows.
Geo.
"Rich" wrote in message news:45d1e42e$1{at}w3.nls.net...
That's what I meant by "bypass the user". Makes no difference.
Rich
"Geo." wrote in message=20
news:45d19efa$2{at}w3.nls.net...
think worms not trojans. no user required.
Geo.
"Rich" wrote in message news:45d131f1$1{at}w3.nls.net...
Why? If you can fool or bypass the user to run a program you =
may=20
as
well
run a native program.
Rich
------=_NextPart_000_02FA_01C74FB0.CB5B38A0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
There is
nothing that =
native code=20
couldn't do. In other words, there are no additional =
capabilities. =20
What fraction of recent worms have used cmd.exe on Windows or one
= of the=20
shells on linux/unix?
Rich
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 5030/786 @PATH: 379/45 1 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.