Dailydave mailing list archives
Re: Some Propaganda.
From: "Marek Bialoglowy" <bialoglowy () gmail com>
Date: Fri, 17 Nov 2006 02:47:03 +0700
Piotr, it's impressive. Following our discussion in e-mail, I think your project will have a huge impact on the security industry. What I believe could be most impressive is the possibility of instant creation of worm-infected binaries thanks to the metamorphic engine that you are currently testing. I mean, if your metamorphic engine is good enough, within a few clicks anyone could integrate malicious code such as known worms/keyloggers etc. into any binary and most likely it would not be detected by AV software, even if the original binary is already in AV virus signatures. Now, how about taking any known worm and within a few clicks creating its mutation that will be undetectable to AV software? It's a pretty serious thing.

Moreover, I think the freeSHELL.exe shows how easy it is to integrate a customised backdoor into any binary. Previously it'd take at least a few days to create such a backdoor; with your tool it's only a matter of a few minutes. It's very impressive to see that someone managed to develop this type of tool. Actually, with this tool it would be trivial to integrate a backdoor into any application that is commonly used by system administrators, and I don't think it's easy to detect, as keeping track of binary checksum changes in days when applications auto-update quite frequently is unlikely.

Well, the fun thing is also the possibility of placing a backdoor into a specific part of the code, like in your example a shell-code executing after the user starts a new game. I.e. if a backdoor is integrated into a web browser and the system admin opens a web-site, nothing happens. However, as soon as he/she opens the browser configuration options, malicious shell code will be executed, and as you can imagine this can be anything. What an interesting way of creating backdoors.

Regards,
Marek Bialoglowy, IT Security Researcher
PGPkey ID: 0x962D7036
Location: Jakarta, Indonesia | JAVT, GMT+7