Would NoScript be able to prevent this new type of Malware from infecting a usb drive in the first place.
http://krebsonsecurity.com/2010/07/expe ... tcut-flaw/
New malware/would NoScript prevent infection?
New malware/would NoScript prevent infection?
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: New malware/would NoScript prevent infection?
Unfortunately not, because this vulnerability has nothing to do with the web and gets exploited as soon as you insert the infected USB dongle and browse its content in Windows Explorer (note: Windows Explorer is a filesystem browser, while Internet Explorer is a web browser -- the two used to be the same in the early days, but now they're very different).
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Re: New malware/would NoScript prevent infection?
Thanks Giorgio, I just had trouble understanding how you could get infected by this malware simply by opening Windows explorer when you have a USB drive connected. Still not sure I fully understand.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: New malware/would NoScript prevent infection?
Windows performs some actions automatically when you insert an USB drive. This attack exploits a flaw in one of these operations.eradic8 wrote:Thanks Giorgio, I just had trouble understanding how you could get infected by this malware simply by opening Windows explorer when you have a USB drive connected. Still not sure I fully understand.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Re: New malware/would NoScript prevent infection?
Appears this is not a "typical" autorun vulnerability.
Dslreports: Rootkit-TmpHider - USB infector without usage of Autorun.inf
MS: Microsoft Security Advisory (2286198) Vulnerability in Windows Shell Could Allow Remote Code Execution
Dslreports: Rootkit-TmpHider - USB infector without usage of Autorun.inf
MS: Microsoft Security Advisory (2286198) Vulnerability in Windows Shell Could Allow Remote Code Execution
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; Windows NT 6.1; en-US; rv:2.0b2pre) Gecko/20100715 SeaMonkey/2.1a3pre
Re: New malware/would NoScript prevent infection?
Thanks Guys, I undesrstand Microsoft are taking this very seriously and are currently working on a patch for this vunerability. Hopefully they will sort it out soon, in the meantime I will have to hope my Norton 2010 internet security can protect me from this vunerability.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Re: New malware/would NoScript prevent infection?
Norton 2010 is a signature-based virus-scanner in the first place and with this functionality, it won't protect you against the vulnerability per se but against infection with known malware.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Re: New malware/would NoScript prevent infection?
Interesting read, Vulnerability in Windows Shell Could Allow Remote Code Execution.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; Windows NT 6.1; rv:2.0b2pre) Gecko/20100720 SeaMonkey/2.1a3pre
Re: New malware/would NoScript prevent infection?
It just got a whole lot worse. http://www.sophos.com/blogs/gc/g/2010/0 ... ges-risky/
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.7) Gecko/20100713 Firefox/3.6.7