Vulnerability Development mailing list archives

Re: Badware update through P2P?


From: Rob Shein <shoten () starpower net>
Date: 17 Jul 2002 13:46:41 -0400

I've never seen it, but it's a chilling prospect.  I started writing an
email explaining the various problems with this approach, and didn't get
to the end before I ended up with solutions to all of them.

Version control can be accomplished by using a substring to identify
incremental version changes.  A hash of a subset of the code can be used
to thwart hostile (from the perspective of the trojan) insertion of
false updates into the P2P network.  And finally, the blackhat can avoid
leaving a direct pointer to him/herself when they first serve up the
latest update, merely by using a hijacked Windows machine on a cable
modem somewhere.

On Wed, 2002-07-17 at 12:31, Michel Arboi wrote:
IIRC some virii or trojan horses tried to fetch updates from web pages,
usually on free hosting services. And as soon as they are detected, the
web account is closed and the dangerous files removed, so this does not
look like a very efficient channel.

What would happen if such a nasty piece of code used some P2P protocol
to update itself? e.g. Gnutella or eDonkey? Has anybody seen such a
"feature"?


