Bugtraq mailing list archives
Re: Infecting the KaZaA network?
From: Ben Laurie <ben () algroup co uk>
Date: Sun, 10 Feb 2002 06:31:59 +0000
GertJan de Leeuw wrote:

> I had the same thought about this subject a long time ago, but I discovered there are 2 major problems why an attacker cannot successfully infect the distribution of a new kazaa client:
>
> 1. The installation MUST have the same size as the original distribution package, since kazaa will look on its network for the filename with the exact filesize (for multiple downloads at one time from different clients). Because you need to 'inject' your evil code the filesize will be bigger. Of course you could pack it with a pe packer like upx and add bytes till the exact filesize is there, but then we have problem 2:
>
> 2. As we all know, KazaA downloads from multiple users, so IF you have success with step 1, you will fail at this point, because you will have an invalid exe (an evil version merged with the original distro).
>
> So the only way somebody can infect the network is, injecting the first compiled version of a new distribution (but that is hardly impossible)

Hardly true - localise the code change, then anyone who downloads that section from you is infected. Of course if they do secure checksums it's game over.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
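
Added example, not part of either post and not KaZaA's actual protocol: a multi-source download that matches sources only by size accepts a same-size file with one altered section, while per-section SHA-256 digests from a manifest reject that section and refetch it from another peer. The peer names, the 16-byte section size, the manifest layout, the sample bytes and the trusted delivery of the manifest are all assumptions made for the example.

```python
import hashlib

SECTION = 16  # bytes per section; small so the constructed sample stays readable

def split(data, size=SECTION):
    return [data[i:i + size] for i in range(0, len(data), size)]

def make_manifest(data):
    """Publisher side: one SHA-256 digest per section plus one for the whole file."""
    return {"size": len(data),
            "sections": [hashlib.sha256(s).hexdigest() for s in split(data)],
            "file": hashlib.sha256(data).hexdigest()}

def assemble_size_only(sources, plan, size):
    """Take section i from peer plan[i]; the only check is the total length."""
    out = b"".join(split(sources[peer])[i] for i, peer in enumerate(plan))
    return out if len(out) == size else None

def assemble_verified(sources, plan, manifest):
    """Take section i from plan[i], but keep it only if its digest matches the
    manifest; otherwise try the remaining peers. Returns (data, rejected)."""
    out, rejected = [], []
    for i, want in enumerate(manifest["sections"]):
        for peer in [plan[i]] + [p for p in sources if p != plan[i]]:
            section = split(sources[peer])[i]
            if hashlib.sha256(section).hexdigest() == want:
                out.append(section)
                break
            rejected.append((i, peer))
        else:
            raise ValueError(f"no peer offered a valid copy of section {i}")
    data = b"".join(out)
    if len(data) != manifest["size"] or hashlib.sha256(data).hexdigest() != manifest["file"]:
        raise ValueError("assembled file does not match the manifest")
    return data, rejected

# Constructed sample: peer_b offers a same-size file whose third section differs.
ORIGINAL = bytes(range(64))
ALTERED = ORIGINAL[:32] + b"X" * SECTION + ORIGINAL[48:]
SOURCES = {"peer_a": ORIGINAL, "peer_b": ALTERED}
PLAN = ["peer_a", "peer_a", "peer_b", "peer_a"]
MANIFEST = make_manifest(ORIGINAL)  # assumed to arrive over a trusted channel

if __name__ == "__main__":
    mixed = assemble_size_only(SOURCES, PLAN, len(ORIGINAL))
    print("size-only accepted a modified file:", mixed is not None and mixed != ORIGINAL)
    data, rejected = assemble_verified(SOURCES, PLAN, MANIFEST)
    print("verified download intact:", data == ORIGINAL, "rejected:", rejected)
```

The manifest is only as trustworthy as the channel it arrives over; if it is fetched from the same untrusted peers, it has to be signed by the publisher.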