Security Basics mailing list archives
Re:Trojan Horse Detection tools(Possibly off-topic)
From: "Sridhar J" <sridhar.jayaraman () wipro com>
Date: Tue, 15 Apr 2003 09:59:40 +0530
Hi Hi all, Thank you all for responding. However, I feel a clarification would be in order. I am researching an area of concern for many companies, especially those that outsource their software development to other companies. Now, the legitimate concern is how can I make sure that the vendor and/or is developers have not injected any trojan source code? Trojan horses are not simply limited to those that record passwords into temp files or those that send such information to other computers. If you have read "The Cuckoo's Egg", where a developer of a banking application used the salami attack to slice of small cents from other accounts and put it into his account in the same bank. This application does not record any info, connect to other sites or do anything malicious to the computer. But it does not perform as intended and this non-performance is deliberate. I am looking at ways to detect it, atleast theoretically. I have done some research and have come up with some solutions, which I could publish in a white paper. If you know of tools that do some sort of code checking or some techniques, please let me know. ---------- Regards Sridhar J ---------- "What you do in this world is a matter of no consequence;The question is, what can you make people believe that you have done." --Sherlock Holmes in "A Study in Scarlet" -----Original Message----- From: Jon Pastore [mailto:jpastore () idetech net] Sent: Sunday, April 13, 2003 6:24 PM To: Rahul Chander Kashyap; SECURITY-BASICS () securityfocus com Subject: Re: Re:Trojan Horse Detection tools(Possibly off-topic) not that I qualify as an expert in this realm but, I would suggest if you know the language I would look for a few basic this like search for syntax that open sockets for transmitting data... this should narrow your search or opening file handles to places that make no sense or logging info that has nothing to with the intended purpose of the application... also be weary of code frmo untrusted sources it's always a good idea to have a test enviroment like a segmented network that has nothing to do with your production enviroment... -Jon ----- Original Message ----- From: "Rahul Chander Kashyap" <rahul () nsecure net> To: <SECURITY-BASICS () securityfocus com> Sent: Saturday, April 12, 2003 5:42 AM Subject: Re:Trojan Horse Detection tools(Possibly off-topic)
Hi Sridhar, As far as i know, u have to go thru the whole code because a trojan/backdoor can be embedded into code very cleverly ;-) and even experts might
not be
able to detect it! what i wud do if i were in ur case wud be to go thru the source code
of
some trojans/backdoors[there are many available] and try to get an idea
from
those :-) [And yeah in case a tool to detect this exists,i'm looking forward to
it!]
All the best! Regards, Rahul Kashyap Software Developer, nSecure Software (P) Ltd. Bangalore-71 www.nsecure.net ---------------------- Layered Defence ---------------------- ------ This message is intended for the addressee only. It may contain privileged or Confidential information. If you have received this message in error, please notify the sender and destroy the message immediately. Unauthorized use or reproduction of this message is strictly prohibited. ----------- Original Message ----- From: "Sridhar J" <sridhar.jayaraman () wipro com> To: <security-basics () securityfocus com> Sent: Friday, April 11, 2003 10:20 AM Subject: Trojan Horse Detection tools(Possibly off-topic) Hi all Are there any tools to detect Trojan horse code? Assume that I have
the
source code, but code inspection is very cumbersome and sufficient expertise is needed, which is difficult to expect from developers. ---------- Regards Sridhar J ---------- "What you do in this world is a matter of no consequence;The
question
is, what can you make people believe that you have done." --Sherlock Holmes in "A Study in Scarlet"------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of
free technical support.
Stop SPAM before it stops you. -------------------------------------------------------------------
------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. -------------------------------------------------------------------
Attachment:
Wipro_Disclaimer.txt
Description:
------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. www.blackhat.com -------------------------------------------------------------------
Current thread:
- Trojan Horse Detection tools(Possibly off-topic) Sridhar J (Apr 11)
- Re: Trojan Horse Detection tools(Possibly off-topic) Devdas Bhagat (Apr 14)
- <Possible follow-ups>
- Re: Trojan Horse Detection tools(Possibly off-topic) H Carvey (Apr 12)
- Re: Trojan Horse Detection tools(Possibly off-topic) Jim McCaw (Apr 12)
- Re:Trojan Horse Detection tools(Possibly off-topic) Rahul Chander Kashyap (Apr 12)
- Re: Re:Trojan Horse Detection tools(Possibly off-topic) Jon Pastore (Apr 14)
- RE: Trojan Horse Detection tools(Possibly off-topic) Jim Hull at 044 (Apr 14)
- Re:Trojan Horse Detection tools(Possibly off-topic) Sridhar J (Apr 15)