#47, July 16th, 2010, 07:56 PM
Rmus
Exploit Analyst
 
Join Date: Mar 2005
Posts: 3,624
Re: Rootkit.TmpHider

Quote:
Originally Posted by wat0114
...would a whitelist or other anti-executable measure stop this?
I put the files on a USB drive and they are flagged as I view the drive in Windows Explorer:

[Screenshot: rootkitTMP.gif]

This exploit goes nowhere with proper protection in place. To test, I used the command prompt, which simulates a lnk file attempting to start the two ~tmp files (see the screenshot of the lnk file in the PDF):

[Screenshot: rootkitTMP-cmd.gif]

If this is an espionage exploit, as has been suggested, it begs the question of how company personnel would acquire a USB drive infected with these files.

One scenario was proven to work some years ago. This article references a penetration test from 2006:

Island Hopping: The Infectious Allure of Vendor Swag
http://technet.microsoft.com/en-us/m...ritywatch.aspx

The original article was on DarkRoom's Perimeter/Security page, but doesn't seem to be accessible now.

----
rich

Last edited by Rmus: July 17th, 2010 at 01:33 AM.