Yep, they mentioned that also, in the slides, and I figured it makes sense. A lot of folks are logged on as administrators of their computers sometimes, browsing the internet, etc., so one drive-by exploit, a Trojan dropper, putting their trojanized DLL in the GAC is a pretty sinister exploit.

God knows what they are going to think of next. Honestly, those libraries should be signed, and if the signature isn't from Microsoft (VeriSign CA signed and validated) it should be removed from the system and reinstalled from trusted media, but from first read it doesn't seem like that is what M$ is doing there, unless I am not understanding Ngen right (it's early, and I've been patching since 4:00am EST).

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

________________________________

From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 8:49 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?

It's post-exploitation, i.e., you must already have been hacked to do this. It's a payload, not a direct exploitation itself. It requires Administrative privileges. It isn't unique to .NET; Java is just as vulnerable. I remember MSIL injection discussed before .NET languages were ever released.

But yes, still a little scary.

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange

From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 8:06 AM
To: NT System Admin Issues
Subject: New .NET Rootkits are you safe?

http://www.applicationsecurity.co.il/english/NETFrameworkRootkits/tabid/161/Default.aspx

Some scary stuff :-)

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

________________________________

From: Robert Cato [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2008 6:19 PM
To: NT System Admin Issues
Subject: Re: Adobe Acrobat won't convert files to PDF after MS Update
