From: "Geo." 

So with Monad it's not like cmd, you have to start up some environment not
use the default?

Geo.

"Rich"  wrote in message news:45d26fca$1{at}w3.nls.net...
   I understand.  With your example you would be better using native code to
call ftp, tftp, or whatever instead of native code to call PowerShell and
then have it call ftp, tftp, or whatever.

Rich
  "Geo."  wrote in message
news:45d26a23{at}w3.nls.net...
  The way you get in with a worm typically is by executing some simple code
  that then downloads the worm executable, sort of like a bootstrap
operation.
  Things like scripting make it easier to do that stage one and get the
  download going.

  Granted, not always required as an example sql server worm didn't need to
  use this technique, but most do. Certainly the latest NT worms including
the
  ones that hit NT4 machines use this technique. They also use other handy
  stuff like ftp.exe or tftp.exe. The more capabilities the easier it is to
  infect a system.

  That's why the old macs were considered so secure, there just wasn't much
to
  work with. It's also why if linux gets much more popular the virus problem
  there will be far worse than anything we've seen on windows.

  Geo.

  "Rich"  wrote in message news:45d1e42e$1{at}w3.nls.net...
     That's what I meant by "bypass the user".  Makes no difference.

  Rich

    "Geo."  wrote in message
news:45d19efa$2{at}w3.nls.net...
    think worms not trojans. no user required.

    Geo.

    "Rich"  wrote in message news:45d131f1$1{at}w3.nls.net...
       Why?  If you can fool or bypass the user to run a program you may as
  well
    run a native program.

    Rich

--- BBBS/NT v4.01 Flag-5