On 1 Apr 2010 at 6:09, David Lum wrote:
> This is an interesting one, it comes through as a print processor and gets
> called by spoolsv.exe:
> http://www.surfright.nl/en/home/press/tdl3-rootkit-still-large-issue-for-anti-virus-programs
> We had a machine hit with it but I can't tell if McAfee
>
On 1 Apr 2010 at 6:09, David Lum wrote:
>
> This is an interesting one, it comes through as a print processor and
> gets called by spoolsv.exe:
>
> http://www.surfright.nl/en/home/press/tdl3-rootkit-still-large-issue-for-anti-virus-programs
>
> We had a machine hit with it bu
This is an interesting one, it comes through as a print processor and gets
called by spoolsv.exe:
http://www.surfright.nl/en/home/press/tdl3-rootkit-still-large-issue-for-anti-virus-programs
We had a machine hit with it but I can't tell if McAfee should have caught it
or not - we don't have McAf
extra stuff is irrelevant.
Cheers
Ken
From: Ziots, Edward [EMAIL PROTECTED]
Sent: Wednesday, 19 November 2008 8:03 PM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?
I agree, it's just an interesting new vector to an old problem. An
-
From: Ben Scott [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 4:13 PM
To: NT System Admin Issues
Subject: Re: New .NET Rootkits are you safe?
On Tue, Nov 18, 2008 at 10:15 AM, Ziots, Edward <[EMAIL PROTECTED]>
wrote:
> Honestly, those libraries should be signed and if
Hey, it's that principle of least privilege thing again!
Ben Scott wrote:
> If Microsoft built that in to the .NET Framework code, that just
> means the bad guys would have to patch that binary before running
> their code. If they're running with system privileges, they can do
> anything they w
On Tue, Nov 18, 2008 at 10:15 AM, Ziots, Edward <[EMAIL PROTECTED]> wrote:
> Honestly, those libraries should be signed and if the signature isn't
> from Microsoft ... it should be removed from the system and reinstalled ...
If Microsoft built that in to the .NET Framework code, that just
mean
2008 10:16 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?
Yep, they mentioned that also, in the slides, and I figured it makes sense. A
lot of folks are logged on as administrators of their computers sometimes,
browsing internet, etc, so one drive-by exploit, a T
ECTED]
Sent: Tuesday, November 18, 2008 9:45 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?
It seems the noticeable performance issues are in the GUI's and I should
have said that.
EMC vs EMS for example. That's just bad.
-Original Message-
From: M
+, Network +
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 8:49 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?
It's post-exploitation, i.e., you must already have been hacked to do
this. It's a payload, not a direct exploit
din.com/in/theessentialexchange
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 9:15 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?
Just because everything written in .NET runs at about 1/3 the speed it did
before do
That doesn't work.
Actually any man itself is pretty sweet.
No.
-Original Message-
From: Andy Shook [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 6:17 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?
the framework = any man
Shook
-Ori
t: RE: New .NET Rootkits are you safe?
Not if you've ngen'ed it.
The Exchange 2007 Transport Engine kicks butt against the Exchange 2003
Transport Engine (IIS SMTP).
Regards,
Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
L
Grammer...smammer
Shook
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 9:23 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?
That doesn't work.
Actually any man itself is pretty swee
the framework = any man
Shook
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 9:15 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?
Just because everything written in .NET runs at about 1/3 the speed it did
ssues
Subject: Re: New .NET Rootkits are you safe?
I thought .NET _was_ a #$&@ root kit!
--
Richard McClary, Systems Administrator
ASPCA Knowledge Management
1717 S Philo Rd, Ste 36, Urbana, IL 61802
217-337-9761
http://www.aspca.org
"Ziots, E
Sorry, what I meant to say was, what would John Conner do!?
Thanks,
Jake Gardner
TTC Network Administrator
Ext. 246
-Original Message-
From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 8:17 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits
Sent: Tuesday, November 18, 2008 8:06 AM
To: NT System Admin Issues
Subject: New .NET Rootkits are you safe?
http://www.applicationsecurity.co.il/english/NETFrameworkRootkits/tabid/161/Default.aspx
Some scary stuff :-)
Z
Edward E. Ziots
Network Engineer
Lifespan Organization
.NET Rootkits are you safe?
It is now. And you don't even know it is going on. Go through the PPT
slide deck, sinister, all I gotta say, and M$ doesn't even check their
signatures? (Wows revelation)
Z
Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phon
I, ME, CCA, Security +, Network +
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 8:16 AM
To: NT System Admin Issues
Subject: Re: New .NET Rootkits are you safe?
I thought .NET _was_ a #$&@ root kit!
--
Richard McClary, Systems Administrator
ASPCA Knowledge Management
1717 S Philo Rd, Ste 36, Urbana, IL 61802
217-337-9761
http://www.aspca.org
"Ziots, Edward" <[EMAIL PROTECTED]> wrote on 11/18/2008 07:06:21 AM:
> http:
http://www.applicationsecurity.co.il/english/NETFrameworkRootkits/tabid/161/Default.aspx
Some scary stuff :-)
Z
Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +