funsec mailing list archives

Re: Microsoft blames Vista insecurity on thirdparty applications


From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 20 Dec 2006 17:51:30 -0800

Nick FitzGerald wrote:
> Did you find it because it triggered its payload?

Nah.  There was no mechanism to execute the file, it would just collect
them.  It was an open share faked up to look like a Windows 9x C drive
share.  There was some malware at the time that was scanning for open
shares.  If \windows\system32 existed, it would drop and try to modify
win.ini or something.  Then it would send ping-of-death type attacks to
try to get the box to reboot, and therefore execute the code.

So I was just picking up the files that got delivered, and checking them
out.  I got a lot of Nimda.  If the infected box attacking had both
worms, one would connect to the open share, and then Nimda would run
across the connected share, and drop itself too.  I was researching
Nimda not long before that too, so I had some quick tests that told me
something was likely Nimda.

I had something that wasn't quite right (Size?  Can't remember), so I
looked into a bit more.  It sorta looked like Nimda, but when I threw
some virus scanners at it, they identified it as this BIOS killer.  A
couple said it was both.

So yeah, three pieces of malware cooperating to get something on my box.
A little freaky.

                                        Ryan
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.