> How? (This is hypothetical here) I am running XPSP2 and my firewall is > on. I don't have file and print sharing on, as is the case with the > overwhelming majority of XPSP2 users.
Change the perspective at which you look at it. Plant the seed (think drive-by, think rouge antivirus/antispyware, think SQL Injection/IFRAME mass compromises, malicious SWF/MP3/PDF, rotating banner ads, ...) and *then* let it spread (RPC/network propagation). Could be a major pain-in-the-ass once inside a corporate network don't you think? http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
