Full Disclosure mailing list archives
RE: [inbox] malware added in transit
From: Vincent.Maes () aps com
Date: Thu, 18 Mar 2004 09:03:45 -0700
Paul wrote:
Hi all, perhaps I'm way off-base but I've been under the impression
that malware can be added
to clean transmissions as they pass through infected nodes. Is this
possible? What about modifying/building an application such as dsniff on steroids. Direct all the gateway traffic through a (dsniff) compromised system, then watch for the target traffic and perform a disassemble/reassemble with malware included. You could fragment the target traffic to insert larger amounts of malware; and, by looking for the file-type headers, proceed to target specific content. As others have said, there is nothing available (in script kiddie format) to do this, yet. But there are tools that can perform each of the require functions (WinPcap, ngrep, libpcap) You just have to put them together. Here's some more detail: http://www.packetfactory.net/projects/libnet/2004_RSA/eol-1.0.pdf
Maybe by 2104...
Is it that time already? ;) Vince Maes "MMS <apsc.com>" made the following annotations. ------------------------------------------------------------------------------ --- NOTICE --- This message is for the designated recipient only and may contain confidential, privileged or proprietary information. If you have received it in error, please notify the sender immediately and delete the original and any copy or printout. Unintended recipients are prohibited from making any other use of this e-mail. Although we have taken reasonable precautions to ensure no viruses are present in this e-mail, we accept no liability for any loss or damage arising from the use of this e-mail or attachments, or for any delay or errors or omissions in the contents which result from e-mail transmission. ==============================================================================
Current thread:
- RE: [inbox] malware added in transit Vincent . Maes (Mar 18)
- RE: [inbox] malware added in transit Frank Knobbe (Mar 18)
- RE: [inbox] malware added in transit Nick FitzGerald (Mar 18)
- <Possible follow-ups>
- RE: [inbox] malware added in transit James . Cupps (Mar 18)
- RE: [inbox] malware added in transit Frank Knobbe (Mar 18)