Re: [Full-disclosure] Re: pnp worm unknown variant - postinfectionactions
- To: "Full-Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Re: pnp worm unknown variant - postinfectionactions
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Wed, 17 Aug 2005 01:02:07 -0700
> Aditya Deshmukh wrote:
> > suppose we have VNC installed and that is used to take control of the
> > computer and the actions show up as done by the user - would it not be
> > caught by law enforcement ?
>
>
> What about Metasploit, which will gladly inject a RAM-only WinVNC server
> and give complete remote control without "installing" WinVNC anywhere on
> the hard drive?
>
> If your Windows box gets owned by such a thing, and you end up accused
> of the crimes that the attacker committed while they were in control of
> your box, you can kiss your ass goodbye.
exactly 100% correct, not to mention this defense will destroy a prosecution
in front of a jury of people that can think for themselves, and an expert
witness to properly diagram the attack vector / scenario.
bravo,
mw