Subject: Re: Windows PowerShell
From: "Rich"
I understand. With your example you would be better using native code to call ftp, tftp, or whatever instead of native code to call PowerShell and then have it call ftp, tftp, or whatever.
Rich
"Geo." wrote in message news:45d26a23{at}w3.nls.net...
The way you get in with a worm typically is by executing some simple code that then downloads the worm executable, sort of like a bootstrap operation. Things like scripting make it easier to do that stage one and get the download going.

Granted, not always required; as an example, the SQL Server worm didn't need to use this technique, but most do. Certainly the latest NT worms, including the ones that hit NT4 machines, use this technique. They also use other handy stuff like ftp.exe or tftp.exe. The more capabilities, the easier it is to infect a system.

That's why the old Macs were considered so secure: there just wasn't much to work with. It's also why if Linux gets much more popular the virus problem there will be far worse than anything we've seen on Windows.
Geo.
"Rich" wrote in message news:45d1e42e$1{at}w3.nls.net...
That's what I meant by "bypass the user". Makes no difference.
Rich
"Geo." wrote in message news:45d19efa$2{at}w3.nls.net...
Think worms, not trojans. No user required.
Geo.
"Rich" wrote in message news:45d131f1$1{at}w3.nls.net...
Why? If you can fool or bypass the user to run a program you may as well run a native program.
Rich
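An added example, not part of this thread or anyone's post in it: a small detector, written from the defender's side, for the bootstrap pattern Geo describes, where a scripting host hands off to ftp.exe or tftp.exe to pull down the second stage. It runs over constructed process-creation records; the key=value layout, field names and sample lines are assumptions for illustration, not any real product's log format.

```python
# Added example: flag process-creation records where a scripting host
# spawns a built-in file-transfer tool, the "stage one" hand-off the
# thread describes. The log lines below are constructed for this example
# and the key=value layout is an assumption, not a real product's format.
from dataclasses import dataclass

# Interpreters that commonly run the small first-stage code.
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
# Built-in transfer tools the thread names as the download step.
TRANSFER_TOOLS = {"ftp.exe", "tftp.exe"}

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str
    parent_image: str
    user: str

def _basename(path: str) -> str:
    """Strip the directory and normalise case so paths compare by file name."""
    return path.rsplit("\\", 1)[-1].lower()

def parse_event(line: str) -> ProcEvent:
    """Parse one constructed 'key=value key=value ...' record."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return ProcEvent(int(fields["pid"]), _basename(fields["image"]),
                     _basename(fields["parent"]), fields["user"])

def is_bootstrap_handoff(ev: ProcEvent) -> bool:
    """True when a script host launches ftp.exe/tftp.exe directly.
    cmd.exe is included, so scheduled batch jobs will also match and
    need an allowlist in a real deployment."""
    return ev.parent_image in SCRIPT_HOSTS and ev.image in TRANSFER_TOOLS

def find_suspicious(log: str) -> list:
    return [ev for ev in map(parse_event, log.strip().splitlines())
            if is_bootstrap_handoff(ev)]

# Constructed sample records (not real telemetry).
SAMPLE_LOG = """
pid=412 image=C:\\Windows\\explorer.exe parent=C:\\Windows\\System32\\userinit.exe user=alice
pid=980 image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe parent=C:\\Windows\\explorer.exe user=alice
pid=1012 image=C:\\Windows\\System32\\tftp.exe parent=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe user=alice
pid=1044 image=C:\\Windows\\System32\\ftp.exe parent=C:\\Windows\\System32\\cmd.exe user=backup
pid=1100 image=C:\\Windows\\System32\\ftp.exe parent=C:\\Windows\\explorer.exe user=bob
"""

if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_LOG):
        print(f"ALERT pid={ev.pid} {ev.parent_image} -> {ev.image} ({ev.user})")
```

Run as written it reports the tftp.exe spawned by powershell.exe and the ftp.exe spawned by cmd.exe, and ignores ftp.exe launched interactively from explorer.exe.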
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)

SOURCE: echomail via fidonet.ozzmosis.com