RE: [Full-Disclosure] Viral infection via Serial Cable

Glenn_Everhart_at_bankone.com
Date: 08/31/04

    To: <gruneberg@absamail.co.za>, <full-disclosure@lists.netsys.com>
    Date: Tue, 31 Aug 2004 09:37:51 -0400
    
    

    A serial connection using protocols like xmodem, ymodem, kermit, or
    the like might well avoid exposing a machine to malware. A malware
    program must be able to use some facilities offered by a network
    typically if it is to propagate on a network. Serial connections
    running occasional file transfer protocols don't offer services that
    most malware would know how to use. This does not mean there are no
    services; just that a malware author is unlikely to notice a serial
    line and test, say, for a kermit or uucp server at the other end. (If those
    allow access only to a single directory containing nothing interesting,
    too, that isn't going to allow much exposed function for attacks.)

    Obviously if the serial line carries IP somehow, it might be used without
    the malware even noticing anything difficult.

    An intermediate ground like using some not currently fashionable
    serial network (e.g., run DECnet over the line) would probably
    avoid being exploited too, but someone who knew what was going on
    could attack it or use it to spread malware.

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Jean
    Gruneberg
    Sent: Monday, August 30, 2004 3:21 PM
    To: 'Full Disclosure'
    Subject: RE: [Full-Disclosure] Viral infection via Serial Cable

    Hi all

    Thanks for the info. I presumed there wasn't anything running around that
    normally would 'see' a serial connection and keeping the machine off an
    ordinary network system will protect the machine...

    Need to look at the pc more to see if and what patches / sp etc have been
    applied as well, if it is a vanilla system etc. Pity the machine runs 18
    hours a day and they don't like taking it offline for the IT guy to have a
    look see ;-)

    Jean

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
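
The distinction drawn in the message above, between a serial line used only for occasional file transfer and one that carries IP, can be checked on a host. This is an added example, not part of the original posts; it assumes a Linux host exposing /sys/class/net, and the function names and sample data are constructed for illustration.

```python
import os

# Linux ARPHRD_* link-layer type codes (include/uapi/linux/if_arp.h) for
# interfaces that carry IP over a serial line.
SERIAL_IP_TYPES = {256: "SLIP", 257: "CSLIP", 258: "SLIP6", 259: "CSLIP6", 512: "PPP"}


def read_link_types(sysfs_root="/sys/class/net"):
    """Return {interface: ARPHRD type} from sysfs; empty if sysfs is absent."""
    types = {}
    if not os.path.isdir(sysfs_root):
        return types
    for name in sorted(os.listdir(sysfs_root)):
        try:
            with open(os.path.join(sysfs_root, name, "type")) as fh:
                types[name] = int(fh.read().strip())
        except (OSError, ValueError):
            continue  # not an interface directory, or it vanished; skip it
    return types


def serial_ip_interfaces(link_types):
    """Return [(interface, encapsulation)] for links that run IP over serial."""
    return [(name, SERIAL_IP_TYPES[t]) for name, t in sorted(link_types.items())
            if t in SERIAL_IP_TYPES]


# Constructed sample: loopback (772), Ethernet (1), one PPP and one SLIP link.
SAMPLE = {"lo": 772, "eth0": 1, "ppp0": 512, "sl0": 256}

if __name__ == "__main__":
    live = read_link_types()
    # Fall back to the constructed sample when sysfs is not available.
    for name, encap in serial_ip_interfaces(live or SAMPLE):
        print(f"{name}: {encap} - serial line carries IP; treat as a network link")
```

An empty result means no serial link on the host is presenting itself as an IP interface; it says nothing about file-transfer servers such as kermit or uucp listening on the line.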
    
