How do viruses spread via network shares?

Discussion in 'Virus Information' started by edward, May 20, 2010.

  1. edward

    I can see a virus getting in the shared folder by adding a file or maybe
    editing a file already there, but how would it get run?
    Windows XP and Vista, latest SPs, automatic Windows updates.
    Only one folder is shared: c:\share\.
    The PC Tools firewall is blocking the laptop except when I need to transfer
    files.
    I was really wondering, though, what the infection risk is.
    The only thing I can think of for automatic execution is an exploit.

    Any info would be nice, thank you.
     
    edward, May 20, 2010
    #1

  2. From: "edward" <>

    | I can see a virus getting in the shared folder by adding a file or maybe
    | editing a file already there, but how would it get run?
    | Windows XP and Vista, latest SPs, automatic Windows updates.
    | Only one folder is shared: c:\share\.
    | The PC Tools firewall is blocking the laptop except when I need to transfer
    | files.
    | I was really wondering, though, what the infection risk is.
    | The only thing I can think of for automatic execution is an exploit.

    | Any info would be nice, thank you.


    Bots (RBot, GAOBot, etc.) and viruses usually exploit weak passwords with dictionary
    attacks. That is, they use a list of well-known BAD passwords such as admin and password.
    Look at the logs and see if there are numerous bad attempts to access a share.

    If you are sharing a folder, make sure that you use strong passwords, such as 8~10
    characters with a good mix of uppercase, lowercase, numbers and special characters.

    Also, they will attack administrative shares such as IPC$ and C$. Make sure the
    administrator account is locked down with a strong password.

    Once they are in a system, they can replace files with malware and thus infect the
    computer. Once infected, that computer too will use worm methodologies to infect other
    computers.

    Exploitation is another matter. For example, the Lovsan/Blaster worm exploited a buffer
    overflow in TCP port 135 and RPC/DCOM to infect computers. The Sasser worm exploited
    a buffer overflow in TCP port 445 and LSASS to infect computers.

    Viruses that use network protocols to spread and infect other computers are Internet
    worms.
     
    David H. Lipman, May 20, 2010
    #2
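
The log check suggested in the reply above, sketched as an added example that is not part of the original thread: it counts failed network logons per source and flags bursts that look like a dictionary attack. It assumes logon-failure auditing is enabled and the Security log has been exported to CSV; the column layout, the sample rows, the threshold and the window are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Failed-logon event IDs: 529 on Windows XP/2003, 4625 on Vista and later.
FAILED_LOGON_IDS = {"529", "4625"}
NETWORK_LOGON = "3"  # logon type 3: access over the network, e.g. to a share

# Constructed sample export; the column layout is an assumption of this example.
SAMPLE_CSV = """time,event_id,logon_type,user,source
2010-05-20 02:14:01,529,3,admin,192.0.2.77
2010-05-20 02:14:03,529,3,administrator,192.0.2.77
2010-05-20 02:14:04,529,3,admin,192.0.2.77
2010-05-20 02:14:06,529,3,guest,192.0.2.77
2010-05-20 02:14:09,529,3,administrator,192.0.2.77
2010-05-20 02:14:11,529,3,admin,192.0.2.77
2010-05-20 09:30:15,529,3,owner,192.0.2.10
2010-05-20 12:41:50,529,3,owner,192.0.2.10
2010-05-20 12:42:02,540,3,owner,192.0.2.10
2010-05-20 18:05:33,529,2,owner,LOCAL
"""


def find_dictionary_attacks(csv_text, threshold=5, window=timedelta(minutes=2)):
    """Map each source with >= threshold failed network logons inside one
    window to (largest burst size, usernames tried in that burst)."""
    failures = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] in FAILED_LOGON_IDS and row["logon_type"] == NETWORK_LOGON:
            when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
            failures[row["source"]].append((when, row["user"]))

    flagged = {}
    for source, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the burst fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            if len(burst) >= threshold and len(burst) > flagged.get(source, (0,))[0]:
                flagged[source] = (len(burst), sorted({user for _, user in burst}))
    return flagged


if __name__ == "__main__":
    for source, (count, users) in find_dictionary_attacks(SAMPLE_CSV).items():
        print(f"{source}: {count} failed network logons, users tried: {users}")
```

Two mistyped passwords hours apart from the same machine stay below the threshold; a rapid run of failures cycling through common account names does not.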

  3. A virus doesn't require autoexecution of its replicant, that is more a
    feature of a true worm. As you mentioned, if a program file can be
    edited to include a viral function (becomes a virus through infection),
    then it can just wait until the program *eventually* gets executed.
    Programs that self-replicate but don't "infect" and also don't
    autoexecute are also considered worms (self-contained malware rather
    than being "hosted" by a program) but are not "true worms" which always
    autoexecute.
     
    FromTheRafters, May 20, 2010
    #3
  4. edward

    OK, I have XP Home fully patched.
    One account, admin, no password.
    No other accounts that I know of.
    PC Tools firewall, NAV 2010 and ThreatFire.
    The firewall is blocking all inbound except when I set it to allow the
    laptop to connect.
    The only folder set for share is c:\share\.
    The laptop can write to it.
    XP is fully patched; are there any known exploits for a virus to install on
    the machine silently,
    excluding adding a file to c:\share\ and me running it?
     
    edward, May 26, 2010
    #4
  5. From: "edward" <>

    | OK, I have XP Home fully patched.
    | One account, admin, no password.
    | No other accounts that I know of.
    | PC Tools firewall, NAV 2010 and ThreatFire.
    | The firewall is blocking all inbound except when I set it to allow the
    | laptop to connect.
    | The only folder set for share is c:\share\.
    | The laptop can write to it.
    | XP is fully patched; are there any known exploits for a virus to install on
    | the machine silently,
    | excluding adding a file to c:\share\ and me running it?


    and... ?
    Is there a question in that ?

    Are you asking how screwed you can be with "one account admin no password" ?
    If yes... quite screwed !
     
    David H. Lipman, May 26, 2010
    #5
  6. Not a good idea. You should create a standard user (limited) account to
    use.

    [...]
    Sure there are, and as administrator you relieve them of the need to
    escalate privilege to "install" themselves (if that is what they do).
     
    FromTheRafters, May 26, 2010
    #6