[unisog] XP silently configuring ad-hoc wifi networks
michael.schooley at emory.edu
Fri Sep 23 16:40:19 GMT 2005
We had an instance about a month ago where an infected computer apparently
hijacked our legit ssid and when another computer attached to the ssid a web
page came up and asked to install a file. Fortunately the user had current
av software and it was detected as a Trojan. The security people on campus
dismissed the event and called me an alarmist. Hmmm...sounds familiar...the
generals of the tech/security community ignoring the foot soldiers what a
concept. Happy fighting!
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Christopher Chow
Sent: Friday, September 23, 2005 11:57 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] XP silently configuring ad-hoc wifi networks
check out the posting at SANS-ISC that may relate (it refers to AP
networks, but who knows the activity of this yet to be identified
pathogen -- could be also making its own adhoc networks to spread under
the radar and avoid IDS systems
about 3/4 of the way down the page under the heading "Wi-Fi Worm Rumors"
speculation as of yet. they are awaiting packet captures and binaries.
might be a good idea to contact a handler if this seems rampant on your
c-chow at md.northwestern.edu
Frank Sweetser wrote:
> As all of the students wander onto campus this year, we've been noticing
> lot of them have common ad-hoc SSIDs configured as a preferred network.
> far, none of them admit to having any idea how those networks got
> where they came from. While it's quite possible that the users told
> connect without realizing or just without remembering, this has made me
> Does anyone know of any circumstances under which an XP system might
> connect to a previously unconfigured ad-hoc SSID without any user
More information about the unisog