[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fwd: Comment on: USB devices spreading viruses

To: n3td3v <xploitable@xxxxxxxxx>
Subject: Re: [Full-disclosure] Fwd: Comment on: USB devices spreading viruses
From: "Bipin Gautam" <bipin.gautam@xxxxxxxxx>
Date: Fri, 21 Nov 2008 22:42:53 +0545

USB / FLOPPY are attractive means for virus/worm to propagate. Here is
a workaround to stop a successful infection from happening (well ~99%
of the time least)

1. if you dont use wscript.exe disable/rename it.

2. start menu > control pannel > administrative tools > local security
policy >software restriction policy >additional rules

say if c:\ d:\ and e:\ are your fixed drives then....

right click additional rules > create path rule and create path rule
[DISALLOWED AS]

c:\*.*
d:\*.*
e:\*.*

// why let anything to execute from root of fixed drives.

for all other drives (removable/non existing) from a - z do as
a:\
b:\
f:\
g:\
........and so on. Why let anything execute from removable drive
unless you are 100% sure the pendrive is clean and from a trusted
source only.

always have file extension and hidden/protected system file to "show
by default" from folder option.

well this is it. From a personal experience i assure the above should
be the BEST solution for this problem and a extra layer of defense if
AV fails to detect it.

thanks,
-bipin

On 11/21/08, n3td3v <xploitable@xxxxxxxxx> wrote:
> ---------- Forwarded message ----------
> From: n3td3v <xploitable@xxxxxxxxx>
> Date: Fri, Nov 21, 2008 at 1:11 AM
> Subject: Comment on: USB devices spreading viruses
> To: n3td3v <n3td3v@xxxxxxxxxxxxxxxx>
>
>
> by n3td3v November 20, 2008 5:08 PM PST
>
> "Meanwhile, the U.S. Department of Defense has temporarily banned the
> use of thumb drives, CDs, and other removable storage devices because
> of the spread of the Agent.bzt virus..."
>
> There is no security through obscurity.
>
> http://news.cnet.com/8618-1009_3-10104496.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=5043948&tag=mncol;tback
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

-- 
x-no-archive: yes

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Fwd: Comment on: USB devices spreading viruses
  - From: Salvador III Manaois
- Re: [Full-disclosure] [inbox] Re: Fwd: Comment on: USB devices spreading viruses
  - From: Exibar

References:
- [Full-disclosure] Fwd: Comment on: USB devices spreading viruses
  - From: n3td3v

Prev by Date: Re: [Full-disclosure] Giving back to the open source community (A solution to blackhat hackers)
Next by Date: Re: [Full-disclosure] Fwd: Comment on: USB devices spreading viruses
Previous by thread: [Full-disclosure] Fwd: Comment on: USB devices spreading viruses
Next by thread: Re: [Full-disclosure] Fwd: Comment on: USB devices spreading viruses
Index(es):
- Date
- Thread