Posted Tuesday 30th September 2008 12:48 GMT
"For malware, it's rather unique to see such a technique being used."
It is not malware, it is Sticky Sweet Palware when IT Tempts One 42 Play Great Games.
Posted Tuesday 30th September 2008 13:36 GMT
See above.
(on a lighter note, a properly patched machine will be reasonably mitigation for this one)
Posted Tuesday 30th September 2008 13:36 GMT
"The worm uses a long-standing Windows vulnerability"
i'm guessing that it's the autorun 'feature' itself that's the vulnerability. Whoever thought that allowing things to run automatically, when inserting foreign media, was a good idea deserves to be publically flogged!
Posted Tuesday 30th September 2008 13:59 GMT
If the vulnerability has been patched for over a year, where's the beef?
Oh, and nice job not telling us which versions of Windows were vulnerable. Top notch reporting, that.
Posted Tuesday 30th September 2008 22:45 GMT
A few weeks ago at work. Was a pain to get rid of. Eventually just noted what was running at startup that wasn't signed, pulled the HD, deleted files with drive mounted on another machine (with autoruns disabled), then reinstalled & cleaned up the registry.
Strongly recommend using the Group Policy editor to disable autoruns on all drives.
Start>Run>gpedit.msc
Posted Tuesday 30th September 2008 22:45 GMT
...were legally obliged to send a physical copy of every critical fix to every registered user, they'd soon get the hang of checking for flaws...
Posted Tuesday 30th September 2008 22:47 GMT
Isn't GDI exploitation dead? Patched to death, and running in user level code only, neutering anything running in a limited user account. So much for root kits.
You sound like your colleague, beating dead horses and scaring us into hitting the update button multiple times per day.
Back to the article