These were open lab machines with NO antivirus, autorun wasn't disabled but the patch was on. Also the user has full control. My guess is the autorun kicked in and it was toast. Fortunately the boxes all had deep freeze so the infection wasn't permanent. Most of that has been changed though, AV is now on the boxes and it has caught a few on flash drives. So far so good.
-----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Friday, March 20, 2009 2:51 PM To: NT System Admin Issues Subject: Re: April 1st Conflicker Version C to erupt On Fri, Mar 20, 2009 at 1:35 PM, Glen Johnson <[email protected]> wrote: > I can definitely confirm that a patched machine can get infected from an > infected flash drive. Any details on this? Is it the AUTORUN.INF thing, where simply loading a USB drive causes Windows to go and run whatever the drive says to? Or did the user manually double-click the Trojan horse executable file on the drive? Or something else? Was it able to bypass anti-virus software and/or escalate its privileges? -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
