Re: [Full-Disclosure] Viral infection via Serial Cable

From: stephane nasdrovisky (stephane.nasdrovisky_at_paradigmo.com)
Date: 09/02/04

    To: Full Disclosure <full-disclosure@lists.netsys.com>
    Date: Thu, 02 Sep 2004 08:26:56 +0200
    
    

    Most viruses use the user (they expect to contact a stupid user who
    will execute it), they don't care how it reached your PC, it knows the
    user will spread it somehow (i.e. it's a nice porno exe which will be
    sent to friends, ...). Current viruses do not even need user
    interaction, some expect to contact a stupid user who's using some
    Outlook flavor.
    The worms are using servers and their vulnerabilities (and the admin
    laziness), IP or higher level email features.
    Current viruses and worms are not very different as they do not always
    need user action. Some viruses could be called worms as they spread
    automatically, using server features of some clients.
    Back in the 80s and early 90s, I was using FidoNet (a modem/RS232 based
    network), file and email transfers were automatic (using software like
    BinkleyTerm). There was no known way to automatically execute the
    files you received (Outlook or Outlook Express did not exist, not even
    Windows NT, just MS-DOS), but viruses were working anyway. It was the
    beginning of companies like McAfee! That was the time I first checked my
    executables before executing anything on my PC.

    Über GuidoZ wrote:

    >James Tucker said:
    >
    >
    >>4. Most viruses in circulation today use TCP/IP or higher level
    >>protocols, not native RS232.
    >>
    >>
    >
    >AND
    >
    >
    >
    >>Personally I never saw or heard of a virus which tries to communicate
    >>with another computer attached to an RS232 port (maybe a laplink
    >>virus or the like??), as this is an unusual scenario.
    >>
    >>
    >
    >Exactly the point I was trying to make. Nothing more, nothing less.
    >
    >
    I too never heard of such a thing, which doesn't mean:
    - such a virus/worm does not exist
    - the software on any side of the RS232 link is not vulnerable (I guess
      the risk will not come from a virus/worm but a targeted attack by
      someone knowing the vulnerabilities of this soft and also knowing your
      network infrastructure and that you have this soft)

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

