One thing I'm not sure on in that... PowerShell runs in two modes, just like other apps and services: logged-on user and administrative user. They never mention in that article whether or not administrative rights are required for the malware to make those changes.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
Sent: Friday, March 28, 2014 2:10 PM
To: [email protected]
Subject: Re: [NTSysADM] This is a new and interesting one (to me, anyway)

Very interesting, but not hugely surprising. A ubiquitous and very powerful scripting language is bound to be abused, and it's going to be difficult to guard against, especially for those with admin privileges.

Kurt

On Fri, Mar 28, 2014 at 10:22 AM, James Rankin <[email protected]> wrote:
> http://blog.trendmicro.com/trendlabs-security-intelligence/word-and-excel-files-infected-using-windows-powershell/
>
> --
> James Rankin
> ---------------------
> RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization Practice Analyst - Desktop Virtualization
> http://appsensebigot.blogspot.co.uk

