Re: Infected Through Shares?

From: Kerry Brown (kerry_at_kdbNOSPAMsystems.c*o*m)
Date: 05/03/05

Date: Mon, 2 May 2005 18:51:41 -0700

"Allan C" <> wrote in message
> This topic is getting more worrisome the more that I think about it.
> I find that in home networks, very often the parents might have one or
> more
> computers for themselves and another one set aside for the 'kids'.
> The computers are all hooked up onto the same network for Internet
> sharing.
> They keep the virus scan, etc up to date but usually, sooner or later,
> some
> malware somehow gets loaded onto the kids computer.
> So my understanding, from the replies to my original post, is that even if
> all of the following is true:
> - The kids computer is not logged onto other PCs in the network.
> - There are no shares on the parents computer.
> - The parents are not logged onto the kids computer.
> ... that the parent's computer can still become infected?
> --
> Regards,
> Allan C
> "cquirke (MVP Windows shell/user)" <> wrote in
> message
>> On Sun, 1 May 2005 14:07:43 -0400, "Allan C"
>> >I am trying to determine whether it is possible to be infected in the
>> >following scenario:
>> >Let us say that we suspect that computer 'A' (Windows 98 - not 2nd
> Edition)
>> >has been infected.
>> >Also, computer 'A' has shared a directory and this share name is
> 'tester'.
>> >Now, computer 'B' (XP PRO sp1) logs into computer 'A' and the user is a
>> >member of the administrators group on computer 'B'. Both computers are
>> >in
>> >the same workgroup.
>> >Is it possible for computer 'B' to become infected while transferring
> files
>> >from the 'tester' share?
>> Yes, in that it is reading material that could be malware or malware
>> infected. Obviously it may be infected by that material if the
>> material is explicitly "opened", but it may also be exploited when
>> handling the material in one way or another.
>> What is more likely to happen is that infected computer A may actively
>> infect combuter B through B's shares. If A can write through XP's
>> hidden admin shares (they may be "hidden" but the names are standard
>> and known) then it's trivial to drop malware into (say) a StartUp
>> folder, which will run when computer B starts up again.
>> Finally, File and Print Sharing may not be the only point of entry;
>> there may be opportunities through TCP/IP itself. This is more common
>> between NT and NT, e.g.Lovesan et al; the platform divide between
>> Win9x and NT often means such malware can't run on both, i.e. an NT
>> RPC exploiter can't exploit its way into a Win9x system.
>> >---------- ----- ---- --- -- - - - -
>> Gone to bloggery:
>> >---------- ----- ---- --- -- - - - -

A good argument for strong passwords on all accounts. If all accounts had
strong, different passwords on each computer it would be very unlikely for a
virus to pass from one computer to another on a network.