> What is required for this attack to occur? Does the > victim/user have to visit a website hosting the malware? > (Note the website could be having ads for bandaids that > have the malware as the actual content not the bandaids) > > Or can the user sit behind their router (NAT'ed) and be > infected.
If you are unpatched and don't use any kind of firewall and/or you have file and print sharing turned on, you'll most likely be infected. Windows XP SP2 and SP3 has the firewall turned on by default, but since file and print sharing creates an exception in the firewall, that won't help you here. (Windows Vista is vulnerable, but to a much lesser degree than XP.) A hardware firewall is best, even if it's just a router using NAT. >From MS security site: http://tinyurl.com/6qnwnv "If you are behind a perimeter firewall that filters inbound connections to TCP ports 139 and 445, you will not be reachable from the Internet. This is a common home user scenario. In this scenario, only the machines in your local LAN will have the ability to exploit this vulnerability." The best course is to apply the patch; I've done it to my home machines and all of my PCs on my network at work. No problems to report. Test to see what ports are open at Steve Gibson's ShieldsUp!: https://www.grc.com/x/ne.dll?bh0bkyd2 ************************************************************************* ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *************************************************************************
