Comments on: How permissive is the Windows autorun.inf parsing? https://grey-panther.net/2009/01/how-permissive-is-the-windows-autorun-inf-parsing.html

By: Anonymous https://grey-panther.net/2009/01/how-permissive-is-the-windows-autorun-inf-parsing.html#comment-533 Tue, 20 Jan 2009 05:21:02 +0000

@cdman83 – Great post! Thanks for sharing it with me over in my post comments. I’ve responded there but am reposting here to keep it in context.

I really like the suggestion about running Strings from Sysinternals. Granted it is CLI (and might turn off the casual users) but the arguments might ferret out the info much faster.

Foundstone’s BinText might also be a standalone executable that could help screen it in a GUI interface. I’ve used it successfully in the past to field-analyze malware bits and pieces.

Finally the brilliant Didier Stevens walks us through both tools in his older post Viewing strings in executables.

Good stuff and thank you very much for the added investigative work.

I think this type of “attack” by misdirection might become more common.

Especially if it takes the form as seen in this latest F-Secure post that is also related to both the autorun.inf file as well as Windows Vista and Windows 7.

Social Engineering Autoplay and Windows 7

–Cheers! Claus V.

By: Anonymous https://grey-panther.net/2009/01/how-permissive-is-the-windows-autorun-inf-parsing.html#comment-547 Sat, 10 Jan 2009 07:54:12 +0000

What about using strings (strings.exe)?
