Originally Posted by talikarni
FACT: Most malware/virus infections come from something the user did or downloaded, or failed to update with the latest patches.
How do you explain Conficker?
As for "what users downloaded"?
How do you account for buffer-overflow attacks due to application flaws? So if you are listening to music ON a network attached to another machine running music, you can get hijacked because there was a buffer-overflow memory error in the app.
Example: send a print spool to a machine with printer sharing. No user downloading of files involved.
Microsoft Security Bulletin MS10-061 - Critical : Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
This type of remote buffer-overflow stuff occurs weekly. MS keeps on top of some of them, but they can go months unpatched. No one can keep up on all the vulnerabilities. Not even Microsoft.
Here are some more. Just by being on a network, you can use a phone to craft a well-formed packet and BLAMMO.
CVE-2011-2013 : Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, a
CVE-2011-3406 : Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Director
CVE-2011-1268 : The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2
And here is a Bluetooth vulnerability:
CVE-2011-1265 : The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to obj
Or non-root zero escalation.
Windows 7 UAC Buffer Overflow Privilege Escalation 0-day | Greyhat-Security.com
Or just being on a certain network:
Microsoft Security Bulletin MS11-095 - Important : Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
Some machines can't be patched for whatever reason. I have a Windows 95 machine connected to a $300K drum scanner. The drum scanner software ONLY runs on Windows 95 per the company. You CAN'T update/patch it.
I have Windows servers where there are server apps used by my industry that CAN'T be patched or updated. The vendors specifically prohibit updates that may break their apps. These are $40-100K apps.