funsec mailing list archives

Re: Malicious code could trick ZoneAlarm firewall


From: "Fergie (Paul Ferguson)" <fergdawg () netzero net>
Date: Fri, 30 Sep 2005 21:48:26 GMT

I'd say you're not missing anything. :-)

The reason I send stuff like this to the list is for
any number of reasons actually, but in this case, to be
prepared for the FUD.

Cheers,

- ferg


-- Jordan Wiens <numatrix () ufl edu> wrote:

On Fri, 30 Sep 2005, Fergie (Paul Ferguson) wrote:


[snip]

An attacker could trick the firewall by linking a malicious program, such as a keystroke logger, to another 
application, for example, Internet Explorer. When the keystroke logger subsequently sends its captured data out, the 
firewall would see IE accessing the Internet, not the spyware, and allow the connection.

[snip]

http://news.com.com/Malicious+code+could+trick+ZoneAlarm+firewall/2100-1002_3-5886488.html


Not exactly news, is it?  Malware has been loading dynamic libraries into 
known applications for a while now.  Heck, there are toolkits that will 
automatically slip one program into another for you (if memory serves, 
we've even seen the tool to do it loaded up on compromised machines on 
campus).  Unless I'm missing something and this is something different?

-- 
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

