( |-| |2 ][ $;29401636 said:
Please could someone explain how whole LANs can become infected. How can code run on a machine without someone executing it?
Machine to shared directory
Shared directory to server
Server to whole network
( |-| |2 ][ $;29401636 said:
Please could someone explain how whole LANs can become infected. How can code run on a machine without someone executing it?

The code is usually deployed via an infected file. Extension doesn't really matter from what I've seen. .Zip, .Rar, .Exe, whatever.

None as far as I'm aware.

( |-| |2 ][ $;29401693 said:
So in a hypothetical situation of a PC plugged into an infected LAN and with a drive mapped to an infected machine, but without any programs actively using that share and without a user running anything from that share, could said PC get infected?

Unless the infected PCs want to try some default admin passwords, or wait until an admin logs on.
I'm sceptical that viewing a PDF would be enough. If it were possible, surely it would rely on an exploit in the PDF reader?
Good reason to keep your PDF viewer up to date I suppose.
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, CVE-2016-0941).
These updates resolve a double-free vulnerability that could lead to code execution (CVE-2016-0935).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946).
The aim of the attack is to encrypt data on any directly mapped volumes and extract a ransom from the victim.
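The two posts above describe the same mechanism from both ends: the malware runs with the rights of whoever opened the attachment, so it reaches every directory that user can write to (local disk, then the mapped share, then whatever the server exposes), and its whole purpose is to encrypt what it finds there. The script below is an added example written for this page, not code from the thread. It builds a pretend finance share in a temp directory, lists which of a set of "mount points" the current user can actually write to (the blast radius), runs a stand-in encryptor (a SHAKE-256 keystream XOR that appends a .locked extension; a toy, not real ransomware and not a cipher), and then detects the damage the way a share monitor would: a canary file that changed, files that are no longer in the clean baseline, and files whose content turned high-entropy. All file names, contents and the canary name are constructed for the demo.

```python
# Added example, not code from the thread. Everything here runs in a temp
# directory on constructed files; the "encryptor" is a stand-in XOR transform,
# not real ransomware, and all names (CANARY_NAME, SAMPLE_FILES) are made up.
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

CANARY_NAME = "_aaa_canary.txt"            # sorts first, so a sequential walk hits it early
CANARY_CONTENT = b"integrity canary - never edit\n"
SAMPLE_FILES = {                             # constructed contents of a pretend finance share
    "finance/invoices/INV-1001.txt": b"Invoice 1001, total 1200.00 GBP\n" * 16,
    "finance/invoices/INV-1002.txt": b"Invoice 1002, total 85.50 GBP\n" * 16,
    "hr/handbook.txt": b"Staff handbook, chapter 1: conduct.\n" * 16,
    CANARY_NAME: CANARY_CONTENT,
}


def build_sample_share(root):
    root = Path(root)
    for rel, content in SAMPLE_FILES.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(content)
    return root


def writable_mounts(mounts):
    """Mount points (local drives, mapped shares) the current user can write to.
    Probes by creating and deleting a file, because os.access() can mislead on
    network filesystems where the server, not the client, enforces the ACL."""
    reachable = []
    for mount in mounts:
        probe = Path(mount) / ".write_probe"
        try:
            probe.write_bytes(b"")
            probe.unlink()
            reachable.append(str(mount))
        except OSError:
            continue
    return reachable


def baseline(root):
    """Relative path -> SHA-256 for every file, taken while the share is clean."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def shannon_entropy(data):
    """Bits per byte: text sits around 4 to 5, encrypted or compressed data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def simulate_encryptor(root, seed=b"demo-seed"):
    """Stand-in for the malware's file walk: XOR each file with a SHAKE-256
    keystream and append a ransom extension. A toy transform, not a cipher."""
    root = Path(root)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    for path in files:
        data = path.read_bytes()
        stream = hashlib.shake_256(seed + str(path.relative_to(root)).encode()).digest(len(data))
        path.write_bytes(bytes(a ^ b for a, b in zip(data, stream)))
        path.rename(path.with_name(path.name + ".locked"))
    return len(files)


def find_damage(root, before, entropy_threshold=7.0, min_size=256):
    """Report a changed or missing canary, files absent from the baseline
    (renamed) and files whose content turned high-entropy. Files under min_size
    skip the entropy test: they cannot reach the threshold even when random."""
    root = Path(root)
    canary = root / CANARY_NAME
    report = {"canary_modified": not canary.exists() or canary.read_bytes() != CANARY_CONTENT,
              "renamed": [], "high_entropy": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel, data = str(path.relative_to(root)), path.read_bytes()
        if rel not in before:
            report["renamed"].append(rel)
        if len(data) >= min_size and shannon_entropy(data) > entropy_threshold:
            report["high_entropy"].append(rel)
    report["renamed"].sort()
    report["high_entropy"].sort()
    return report


def demo():
    """Build the share, record a baseline, run the stand-in, diff the result."""
    with tempfile.TemporaryDirectory() as tmp:
        share = build_sample_share(Path(tmp) / "share")
        reach = writable_mounts([share, Path(tmp) / "no-such-mount"])
        before = baseline(share)
        clean = find_damage(share, before)
        encrypted = simulate_encryptor(share)
        after = find_damage(share, before)
    return {"reach": reach, "clean": clean, "encrypted": encrypted, "after": after}


if __name__ == "__main__":
    print(demo())
```

Two points the demo makes that the posts only imply: the reach list is exactly the set of places the user can create a file, so cutting write access on shares the user only reads (and not mapping shares the user does not need) shrinks what one bad attachment can encrypt; and the canary plus baseline catch the damage, but only after it starts, so they are an alerting and scoping aid rather than a defence. The entropy test is skipped for tiny files on purpose: a 30-byte file cannot exceed about 4.9 bits per byte even if it is random.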
Account departments are often sent emails with invoices attached as .pdf files.
How does one stop this?
If one scans the attachment or email, will this be picked up before opening?
Asking as we legitimately want some sort of defence; half these cryptolockers are reported as zero-day variations.
Out of interest, can anybody provide me with one of these viruses? I'm running a security talk at work in May and wanted to live demo some ransomware in a sandbox. Reply in trust is sensible. Cheers chaps.
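On the "will scanning pick it up" question: a signature scanner only knows the samples it has seen, but a PDF that is going to run something on open has to carry the machinery for it, and that can be checked before anyone double-clicks. The script below is an added example written for this page, not code from the thread or from any product. It triages an attachment the way a gateway rule or an inbox script would: rejects files that are not PDFs at all (an executable renamed to .pdf), then looks for the action names a dropper needs (/JavaScript, /JS, /Launch, /EmbeddedFile, /RichMedia) after undoing two cheap evasions, #xx hex escapes inside names (/Java#53cript) and keywords tucked inside FlateDecode streams. /OpenAction and /AA alone only earn a "review", since a plain "open at page 1" action uses them too. The attachments in SAMPLES are constructed for the demo and contain no working payload; the file names are invented.

```python
# Added example, not code from the thread: pre-open triage of an e-mailed PDF.
# The SAMPLES dict is constructed test data (harmless stand-ins, no real malware).
import re
import zlib

# Names that mean the document does something on open, not just displays.
HARD_BLOCK = (b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile", b"/RichMedia")
NEEDS_REVIEW = (b"/OpenAction", b"/AA")   # often benign alone, e.g. jump to page 1

_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _unescape_names(data):
    """/Java#53cript -> /JavaScript (PDF name objects allow #xx hex escapes)."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate_streams(data):
    """Concatenate the inflated body of every stream that is valid zlib data.
    decompressobj() tolerates the newline that trails the stream body."""
    out = []
    for m in _STREAM.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue   # image data, another filter, or damaged: nothing to read
    return b"".join(out)


def _find(names, blob):
    found = []
    for name in names:
        # Require a delimiter after the name so /JS does not match /JSomething.
        if re.search(re.escape(name) + rb"(?![0-9A-Za-z])", blob):
            found.append(name.decode())
    return found


def triage_pdf(filename, data):
    """Return {'file', 'verdict', 'findings'}; verdict is allow, review or block."""
    findings = []
    if not data.startswith(b"%PDF-"):
        kind = "Windows executable (MZ header)" if data[:2] == b"MZ" else "unknown content"
        findings.append(f"not a PDF: {kind} delivered with a .pdf name")
        return {"file": filename, "verdict": "block", "findings": findings}
    # Plain objects plus whatever sat inside compressed streams, names unescaped.
    text = _unescape_names(data + b"\n" + _inflate_streams(data))
    hard = _find(HARD_BLOCK, text)
    review = _find(NEEDS_REVIEW, text)
    findings += [f"active content {n}" for n in hard]
    findings += [f"check {n} target" for n in review]
    verdict = "block" if hard else ("review" if review else "allow")
    return {"file": filename, "verdict": verdict, "findings": findings}


def _flate_object(body):
    """Wrap body in a FlateDecode stream object, as a PDF writer would."""
    packed = zlib.compress(body)
    return (b"4 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(packed)
            + packed + b"\nendstream\nendobj\n")


_HEAD = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog "
SAMPLES = {   # constructed attachments; invented file names, harmless contents
    "INV-2231.pdf": _HEAD + b"/Pages 2 0 R >>\nendobj\n%%EOF\n",
    "INV-2232.pdf": _HEAD + b"/OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>\nendobj\n%%EOF\n",
    "INV-2233.pdf": _HEAD + b"/Open#41ction << /S /Java#53cript /#4AS (app.alert(1)) >> >>\nendobj\n%%EOF\n",
    "INV-2234.pdf": _HEAD + b"/OpenAction 4 0 R >>\nendobj\n"
                    + _flate_object(b"<< /S /Launch /F (notepad.exe) >>") + b"%%EOF\n",
    "INV-2235.pdf": _HEAD + b"/OpenAction << /S /GoTo /D [3 0 R /Fit] >> >>\nendobj\n%%EOF\n",
    "INV-2236.pdf": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",
}


def triage_inbox(samples=SAMPLES):
    """Verdict per attachment, the shape a quarantine rule would consume."""
    return {name: triage_pdf(name, data)["verdict"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(triage_pdf(name, data))
```

The caveat that matters for the "zero-day variations" remark: this catches the dropper plumbing (scripts, launch actions, embedded files), which is what most invoice-themed campaigns rely on, but a file that triggers a reader bug through a malformed font or image object contains none of those names and passes this check. That is why the patching advice elsewhere in the thread still stands; a filter like this reduces what reaches the reader, it does not make an unpatched reader safe. Obvious extensions are other stream filters (ASCIIHex, ASCII85, LZW) and object streams, which this version does not unpack.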
If you do manage to get hold of one, I wouldn't even try running it in a sandbox. From some of the reports I've been reading, these things can (in some circumstances) make their way onto the host machine.
If you really want to demo this then I'd be putting it on a PC not connected to anything, run it as a demonstration and then nuke the PC from orbit once you're done...just to be sure!
Agreed.
I'd take an offline laptop in with a fresh install and create some test files for demonstration.
Then I'd be formatting the hell out of that drive afterwards!
Yes, but have you seen the number of security patches for Adobe Reader over the years?
At my workplace, introducing a virus onto a PC and/or onto the network would be a disciplinary. Ignorance wouldn't be a defence because we have to read up on the various company policies, of which one of them is internet usage during work hours.