Geo. wrote:
I could think of even worse places to put it.far-fetched. Would it be possible to create a jpeg that would copy
itself to other drives on a shared network in an auto-executable position? I suppose so... however, it would be noisy and probably wouldn't be amazingly successful.<<
Picture a company full of users and a worm that copys the jpg file to \\machinename\c$\Documents and Settings\All Users\Desktop
you think it might get a few clicks, especially if it had a harmeless yet tempting name like saturn.jpg
Geo.
Of course, some companies would fall victim to this, but in an even remotely secured network domain, you'd probably have to compromise a domain admin's system and try to spread on shares via that login.
-Barry
p.s. By making the inherent assumption here that admins would be less likely to get infected with this than average users and that the average network is even remotely secured, I'm probably (definately?) giving corporate networks more slack than they deserve. Referring to this attack vector as "wouldn't be amazingly successful" is probably wildly optimistic on my part.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
