If the logged on user has administrative privileges...
On Fri, Mar 28, 2014 at 11:46 AM, Rod Trent <[email protected]> wrote:
> One thing I'm not sure on in that...PowerShell runs in two modes, just like
> other apps and services: logged-on user and administrative user. They never
> mention in that article whether or not administrative rights are required for
> the malware to make those changes.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Kurt Buff
> Sent: Friday, March 28, 2014 2:10 PM
> To: [email protected]
> Subject: Re: [NTSysADM] This is a new and interesting one (to me, anyway)
>
> Very interesting, but not hugely surprising. A ubiquitous and very powerful
> scripting language is bound to be abused, and it's going to be difficult to
> guard against, especially for those with admin privileges.
>
> Kurt
>
> On Fri, Mar 28, 2014 at 10:22 AM, James Rankin <[email protected]> wrote:
>> http://blog.trendmicro.com/trendlabs-security-intelligence/word-and-ex
>> cel-files-infected-using-windows-powershell/
>>
>> --
>> James Rankin
>> ---------------------
>> RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The
>> Virtualization Practice Analyst - Desktop Virtualization
>> http://appsensebigot.blogspot.co.uk
>
>
>
>
>
>
>
