|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Lincoln Yeoh (lyeoh
pop.jaring.my)
Date: Sat Jun 16 2007 - 14:36:14 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 01:10 AM 6/9/2007, Valdis.Kletnieksvt.edu wrote:
>The *real* attack vector here is "Can you, as an outsider, get the sysadmin
>to run a installer script that *looks* OK at first glance, but ends up
>doing something untoward by abusing the setup.exe that the sysadmin sees
>in the script but doesn't actually look closely at"?
Sure.
Install notes:
perl Makefile.PL
make
make test
make install
If you look at the Windows malware - a lot of attackers don't even
care about getting "admin", just normal user privileges are good
enough to do what they want (zombies to send spam, DoS, etc).
cron jobs + LWP + Google + eval = fun, right?
Could always look in ~/Maildir etc for "Spam" to eval too.
Have a nice day ;).
Link.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]