Originally posted here by morganlefay
Well.....why does that so-called user have those kinds of privileges on the network\server...to be able to run an exe on a server...

I am sorry.....can you explain???

I have seen worms infect open shares...because the users have full control rights to them....

Users on networks should not have administrative access to a server....

MLF
The user doesn't need access to the server for a worm to infect a server with a known exploit. Code Red spread across the internet via an exploit in the IIS service. I certainly had no special access to an internet server out on the web, but if I was infected with Code Red, and the server was not patched, I would infect it, without my knowing it. All on Port 80.

http://www.cert.org/advisories/CA-2001-19.html

Look up Reatle too. I had three servers that I use get infected with that, and those servers have never been connected to the Internet; their browsers were never configured. There are 6 people with access to the servers, and none with admin access. Reatle came into my company's network via an email sent to a user in Singapore, and within 12 hours, computers all over the internal network were infected. Obviously the server admins were lax in applying security patches, but hey, stuff gets missed from time to time.

It's not just about network shares, and shell access / remote desktop access anymore. If a worm can take advantage of an exploit in the OS, it can spread without a user having access to the system in any shape or form.