Penetration Testing mailing list archives
RE: Using viruses in pen-test
From: "Clint Laskowski" <clint () robotic com>
Date: Wed, 11 Oct 2006 23:28:00 -0500
Do not write your own code to test your client's antivirus controls. Use the EICAR test files (http://www.eicar.org/) as previously described by 'kev'. If you write a test virus and it gets loose and does something stupid, you'll have no one to blame but yourself. Even if it is relatively harmless, if it gets out you'll be facing charges of abuse of bandwidth, etc. It is not worth it. If your goal is to see if users open email that they shouldn't, consider sending an HTML email message with a 1x1 pixel image pulled from your website. Use a unique file name for the image that will only be used in the test. Then, after allowing enough time for the users to open the message, check your weblogs to see if the image was downloaded, and at what time. Even better, have unique file names for each email you send out. That way you can tell who read the email ... or at least the fact that a specific email (sent to a specific person) was read at a specific time. However, keep in mind this approach was apparently used by HP recently (see http://news.zdnet.com/2100-1009_22-6121048.html) using a service called ReadNotify, and look where it got them! Use these concepts at your own risk! -- clint -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of David Swafford Sent: Wednesday, October 11, 2006 4:13 PM To: neo anderson; pen-test () securityfocus com Subject: Re: Using viruses in pen-test I wonder if there is some type of "fake" virus you could use in this case. I know in a pen test you are hired to do the job asked, but I would hate for you to have to face your client after a "pen test gone bad" kind of situation where something backfired leaving the whole network in shambles from a massive virus outbreak. Clients sometimes don't always understand what they are truly asking (ie. the impact it might cause). I'm not sure how skilled you are at writing code but the option of writing a new virus which simulated something dangerous (but didn't actually damage anything valuable) might be a way to test to see if the anti-virus software doing its job on the "zero day" part (based on heuristic scanning). David. ____________________________________________________ David A. Swafford, Network Engineer Information Technology Team Archbishop Alter High School EC-Council Certified Ethical Hacker A Cisco Systems, Inc., Certified Network Associate (CCNA) and a CompTIA Network+ and Security+ Certified Professional
"neo anderson" <amol.netsec () gmail com> 10/11/2006 3:08 am >>>
Hi List, I wish to know your views on "Using viruses in pen-test"I I've been working in the infosec domain for over 2 years with a couple of infosec certs including CEH and conducting pen-tests for my clients for about a year. My recent client has hired me for carrying out "every possible" type of pen test. This includes testing organizations defence mechanism against viruses as well, this includes to test whether anti-virus administrators have up-to-date virus definitions etc. I'm supposed to gather this information by means of thorough penetration tests only. As we all are aware that how the viruses (worms/trojans included) enter into the corporate network propagate over LAN. There are many ways like email attachments or infected content brought in by employee.It spreads on itself thereafter. Now my question: Is there any standard procedure to test the posture of organizations network security against potential virus threats? I mean i wish to know about pen-test carried out against Antivirus-product. In order to replicate itself, a virus must be permitted to execute code and/or write to memory. Thus this pen-test should also tests that. And do I need to use some known viruses for this kind of pen-test? Have your thoughts on this topic please. Thanking you all. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000 0008bOW ------------------------------------------------------------------------ _____________________________________ Note: this message has been scanned for viruses and mal-ware prior to leaving the Archbishop Alter High School Information Technology Network. Please report all possible solicitation and infected messages to abuse () alterhighschool org, Thank you. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000 0008bOW ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Using viruses in pen-test neo anderson (Oct 11)
- RE: Using viruses in pen-test lists (Oct 11)
- Re: Using viruses in pen-test David Swafford (Oct 11)
- RE: Using viruses in pen-test Clint Laskowski (Oct 12)
- Re: Using viruses in pen-test c0redump (Oct 13)
- RE: Using viruses in pen-test Clint Laskowski (Oct 12)
- RE: Using viruses in pen-test Omar Herrera (Oct 11)
- Re: Using viruses in pen-test Christoph Puppe (Oct 12)
- <Possible follow-ups>
- RE: Using viruses in pen-test Hagen, Eric (Oct 11)