Old July 17th, 2010, 10:59 AM
Windchild
Frequent Poster
 
Join Date: Jun 2009
Posts: 563
Re: Rootkit.TmpHider

Quote:
Originally Posted by MrBrian
Expanding on my last thought, this would be a good time to consider how you would have fared against this particular malware had you been exposed to it two or three weeks ago, before it was widely known. And for those who normally use a standard user account, also consider what would have happened if you had browsed an infected USB stick while using an admin account.

Most any reasonable setup would have stopped it, it seems, now that it's been revealed this is simply a shell vulnerability that only gains the attacker the privileges of the currently logged in user, not superuser level access to the system.

As far as infected USB sticks are concerned, it's not a good idea to stick such things in the system while logged in as admin. If you've got a suspect stick, it could be worth checking it first without admin privileges. The rootkit drivers won't be able to hide the malicious .lnk and .tmp files on the USB drive if the rootkit drivers can't install due to limited users not having the required privilege. Seeing such unexplained files should be warning enough to delete the contents of the stick, at the very least the unexplained .lnk and .tmp files.
__________________
Save your tears, for your tears will not save you :: Shameless LUA troll
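One way to do the check Windchild describes (look over a stick for unexplained .lnk and .tmp files before trusting it), as an added example that is not part of the post: it walks a mounted volume, reports every .lnk and .tmp file, and confirms whether each .lnk actually carries the Windows Shell Link header. The sample stick and its file names are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Shell Link (.LNK) header: HeaderSize 0x4C followed by the LinkCLSID
# {00021401-0000-0000-C000-000000000046} in on-disk GUID byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
SUSPECT_EXTS = {".lnk", ".tmp"}

def is_shell_link(path):
    """True if the file begins with the Shell Link header magic."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False

def scan_removable(root):
    """Walk a mounted stick and report .lnk and .tmp files.

    Returns a sorted list of (relative_path, extension, is_real_lnk).
    Only file headers are read; nothing on the stick is opened by its
    associated application, so run it from a limited user account.
    """
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            ext = p.suffix.lower()
            if ext in SUSPECT_EXTS:
                real = ext == ".lnk" and is_shell_link(p)
                findings.append((str(p.relative_to(root)), ext, real))
    return sorted(findings)

def build_sample_stick():
    """Constructed sample volume: a genuine shortcut, a mis-named .lnk,
    a stray .tmp and an ordinary photo that should not be reported."""
    d = Path(tempfile.mkdtemp(prefix="stick_"))
    (d / "shortcut.lnk").write_bytes(LNK_MAGIC + b"\x00" * 60)
    (d / "fake.lnk").write_bytes(b"not a shell link")
    (d / "data.tmp").write_bytes(b"\x00" * 32)
    (d / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0")
    return d

if __name__ == "__main__":
    for rel, ext, real in scan_removable(build_sample_stick()):
        print(f"{rel:16} {ext}  shell-link-header={'yes' if real else 'no'}")
```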