5 Replies Latest reply on Aug 28, 2014 1:29 AM by llamamecomoquieras

    Malware execution from Remote desktop

    Pradeep Kumar

      Hi all,

       

      Detections of "exploit-cve 2010-2568" from a Windows 7 machine to a server were identified. I scanned the source machine and did not find any detections with VSE and Stinger scans.

       

      I created an AP rule to block creation of new .lnk files and identified that this is being executed by mstsc.exe; the user of the Windows 7 machine has taken RDP to one of the infected machines.

       

      7/24/2014    11:19:45 AM    Blocked by Access Protection rule       C:\Windows\system32\mstsc.exe    E:\Old_Data_E\code\Misc_code\code_CI\B_C_I_1_2_0_new\libs\FlashUpgrade\NetFx_30 _SP1_ENU_License.rtf.lnk    User-defined Rules:Ink being created    Action blocked : Create

       


      Please suggest whether this is copying .lnk files from the remote desktop, or whether it is executing from the same machine only.