Penetration Testing mailing list archives
Re: [PEN-TEST] penetrating trojan
From: Kazennov Vladimir <kvn () wplus net>
Date: Sun, 3 Dec 2000 12:35:52 +0300
Hello!
> Hello,
> ...
> What would make the situation a lot more dangerous is when the trojan itself had the connection started, let's say over port 80 using http protocol, e.g. pretending to be a browser. Most firewall settings would allow such a connection and the trojan could unfold his power (assuming he was not detected by a local anti-virus program).
> Why did I never encounter such a trojan? Am I missing something ... has anybody heard of such attacks?
I saw such trojans on machines of our clients (I am the security manager of an ISP) - for example Trojan.PSW.Gip (according to AVP). This is an email trojan (another threat!). It sends email with passwords and other confidential information to a free mailbox and tries to download a plugin from a free www site (and execute it). Try searching the trojan definitions on www.viruslist.com or www.hackfix.org.

I think that a normal defense for a workstation is a firewall that has rules in which you may define the name of the application (e.g. @guard). For example, only your mailer can set up an outbound connection to port 25 of only your mailserver. The browser NeoPlanet (e.g.) silently sends emails to their site. I found this fact only with @guard.

Best regards,
Kazennov
mailto:kvn () wplus net
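The per-application outbound rule described in the message above, sketched as an added example that is not part of the original post or of any product named in it. The policy format, application paths and addresses (documentation ranges) are assumptions made for illustration, and the connection records are constructed.

```python
from ipaddress import ip_address, ip_network

# Hypothetical policy: application path -> allowed (destination network, port) pairs.
# The mailer may reach only the one mail server; the browser may reach web ports only.
POLICY = {
    r"c:\program files\mailer\mailer.exe": [("192.0.2.25/32", 25), ("192.0.2.25/32", 110)],
    r"c:\program files\browser\browser.exe": [("0.0.0.0/0", 80), ("0.0.0.0/0", 443)],
}


def evaluate(conn):
    """Return (verdict, reason) for one outbound connection record."""
    rules = POLICY.get(conn["app"].lower())
    if rules is None:
        # Default deny: a program nobody approved gets no outbound access,
        # even on a port the perimeter firewall lets through (80).
        return "block", "application has no outbound rule"
    dst = ip_address(conn["dst"])
    for net, port in rules:
        if conn["port"] == port and dst in ip_network(net):
            return "allow", f"matched {net}:{port}"
    return "block", "destination not allowed for this application"


# Constructed sample records (not real traffic).
SAMPLE = [
    {"app": r"C:\Program Files\Mailer\mailer.exe", "dst": "192.0.2.25", "port": 25},
    {"app": r"C:\Program Files\Browser\browser.exe", "dst": "198.51.100.7", "port": 80},
    # A browser sending mail directly, as reported for NeoPlanet in the message.
    {"app": r"C:\Program Files\Browser\browser.exe", "dst": "203.0.113.9", "port": 25},
    # An unapproved program speaking HTTP outbound, the case the original question raises.
    {"app": r"C:\Windows\Temp\update.exe", "dst": "198.51.100.7", "port": 80},
    # The approved mailer, but talking to a mail server other than the allowed one.
    {"app": r"C:\Program Files\Mailer\mailer.exe", "dst": "203.0.113.9", "port": 25},
]


def audit(records):
    """Evaluate every record and return (app, dst, port, verdict, reason) rows."""
    return [(r["app"], r["dst"], r["port"], *evaluate(r)) for r in records]


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Matching on the path alone trusts whatever file sits at that path, so a stricter policy would also pin a hash of the executable.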