RE: IRFTP possible woes
See: Infrared Vulns on laptops
for a previous discussion on this.
As a means of hacking, IR has some serious limitations.
>>[RECENTLY] I ran across what I believe is an irftp based worm. While
>>cleaning two laptops one day (one connected to a secure VLAN
>>the other not
>>connected), I noticed the connected machine flash its irftp sensor and
>>task manager showed it was running. Few seconds later the connected
>>machine stopped beeping, the disconnected one started, and it
>>irftp sessions. After checking around the premises for infrared
>>*anything*, I dug up all I could from both machines. The disconnected
>>machine had already been cleaned, and the connected one was
>>all sorts of SDBOT worms, Spyware, *crapware*foo*.
>>Something to think about if you're sitting in the park one
>>from any network and someone's infected machine sends you via
>>irftp C:\evil_at_script \\victim\C:\WINDOWS\run_me
>>Where some at script would run something like:
>>net user luzer something /ADD /FULLNAME:"Admin Account"
>>I'm almost positive something like this is what happened. I
>>possible to have that machine run whatever you would want it
>>to, and since
>>IRFTP has no authentication (that I know of) what is needed to perform
>>such nonsense. A machine name, share name, not that big of a deal.