Re: Infected Through Shares?

From: Kerry Brown (kerry_at_kdbNOSPAMsystems.c*o*m)
Date: 05/03/05


Date: Mon, 2 May 2005 18:51:41 -0700


"Allan C" <proven_solutions@hotmail.com> wrote in message
news:OyOvG53TFHA.228@TK2MSFTNGP12.phx.gbl...
> This topic is getting more worrisome the more that I think about it.
>
> I find that in home networks, very often the parents might have one or more
> computers for themselves and another one set aside for the 'kids'.
> The computers are all hooked up onto the same network for Internet sharing.
> They keep the virus scan, etc up to date but usually, sooner or later, some
> malware somehow gets loaded onto the kids computer.
> So my understanding, from the replies to my original post, is that even if
> all of the following is true:
> - The kids computer is not logged onto other PCs in the network.
> - There are no shares on the parents computer.
> - The parents are not logged onto the kids computer.
> ... that the parent's computer can still become infected?
>
> --
>
> Regards,
>
> Allan C
> "cquirke (MVP Windows shell/user)" <cquirkenews@nospam.mvps.org> wrote in
> message news:geed71pka520ijh5hqnths6ovikdul1fum@4ax.com...
>> On Sun, 1 May 2005 14:07:43 -0400, "Allan C"
>>
>> >I am trying to determine whether it is possible to be infected in the
>> >following scenario:
>>
>> >Let us say that we suspect that computer 'A' (Windows 98 - not 2nd Edition)
>> >has been infected.
>> >Also, computer 'A' has shared a directory and this share name is 'tester'.
>>
>> >Now, computer 'B' (XP PRO sp1) logs into computer 'A' and the user is a
>> >member of the administrators group on computer 'B'. Both computers are in
>> >the same workgroup.
>>
>> >Is it possible for computer 'B' to become infected while transferring files
>> >from the 'tester' share?
>>
>> Yes, in that it is reading material that could be malware or malware
>> infected. Obviously it may be infected by that material if the
>> material is explicitly "opened", but it may also be exploited when
>> handling the material in one way or another.
>>
>> What is more likely to happen is that infected computer A may actively
>> infect computer B through B's shares. If A can write through XP's
>> hidden admin shares (they may be "hidden" but the names are standard
>> and known) then it's trivial to drop malware into (say) a StartUp
>> folder, which will run when computer B starts up again.
>>
>> Finally, File and Print Sharing may not be the only point of entry;
>> there may be opportunities through TCP/IP itself. This is more common
>> between NT and NT, e.g. Lovesan et al; the platform divide between
>> Win9x and NT often means such malware can't run on both, i.e. an NT
>> RPC exploiter can't exploit its way into a Win9x system.
>>
>>
>>
>> >---------- ----- ---- --- -- - - - -
>> Gone to bloggery: http://cquirke.blogspot.com
>> >---------- ----- ---- --- -- - - - -
>
>

A good argument for strong passwords on all accounts. If all accounts had
strong, different passwords on each computer it would be very unlikely for a
virus to pass from one computer to another on a network.

Kerry
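
Added example, not part of the original thread: a small triage routine for the behaviour cquirke describes above, a remote write through a default admin share into a StartUp folder. It assumes file-share access auditing is enabled on the receiving machine; the records and their field names are constructed and simplified from Windows Security event 5145, and `classify` and `triage` are hypothetical helper names.

```python
import re

# Default admin shares are hidden (trailing $) but their names are standard.
ADMIN_SHARE = re.compile(r"^\\\\[^\\]+\\(ADMIN\$|[A-Z]\$)$", re.IGNORECASE)
# StartUp folder anywhere in the path (per-user or All Users).
STARTUP_DIR = re.compile(r"(^|\\)Start Menu\\Programs\\Start ?Up(\\|$)", re.IGNORECASE)
WRITE_ACCESSES = {"WriteData", "AppendData"}

# Constructed sample records (not real logs). Field names are simplified from
# Windows Security event 5145 (detailed file share auditing).
SAMPLE_EVENTS = [
    {"src": "192.168.1.20", "share": r"\\*\C$", "access": "WriteData",
     "target": r"Documents and Settings\All Users\Start Menu\Programs\Startup\update.exe"},
    {"src": "192.168.1.20", "share": r"\\*\C$", "access": "ReadData",
     "target": r"Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini"},
    {"src": "192.168.1.20", "share": r"\\*\C$", "access": "WriteData",
     "target": r"Temp\notes.txt"},
    {"src": "192.168.1.30", "share": r"\\*\Photos", "access": "WriteData",
     "target": r"Start Menu\Programs\Startup\readme.txt"},
]


def classify(event):
    """Return 'startup-write', 'admin-share-write' or None for one record."""
    if event["access"] not in WRITE_ACCESSES:
        return None  # reads are not the drop-a-file case
    if not ADMIN_SHARE.match(event["share"]):
        return None  # ordinary user-created share, out of scope here
    if STARTUP_DIR.search(event["target"]):
        return "startup-write"  # file will run at next logon
    return "admin-share-write"


def triage(events):
    """Group flagged records by source address, most severe finding first."""
    findings = {}
    for ev in events:
        verdict = classify(ev)
        if verdict:
            findings.setdefault(ev["src"], []).append((verdict, ev["target"]))
    for hits in findings.values():
        hits.sort(key=lambda h: h[0] != "startup-write")
    return findings


if __name__ == "__main__":
    for src, hits in triage(SAMPLE_EVENTS).items():
        for verdict, target in hits:
            print(f"{src}\t{verdict}\t{target}")
```
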


