Vulnerability Development mailing list archives
Re: Badware update through P2P?
From: Rob Shein <shoten () starpower net>
Date: 17 Jul 2002 13:46:41 -0400
I've never seen it, but it's a chilling prospect. I started writing an email explaining the various problems with this approach, and didn't get to the end before I ended up with solutions to all of them. Version control can be accomplished by using a substring to identify incremental version changes. A hash of a subset of the code can be used to thwart hostile (from the perspective of the trojan) insertion of false updates into the P2P network. And finally, the blackhat can avoid leaving a direct pointer to him/herself when they first serve up the latest update, merely by using a hijacked Windows machine on a cable modem somewhere.

On Wed, 2002-07-17 at 12:31, Michel Arboi wrote:
> IIRC some virii or trojan horses tried to fetch updates from web pages, usually on free hosting services. And as soon as they are detected, the web account is closed and the dangerous files removed, so this does not look like a very efficient channel.
>
> What would happen if such a nasty piece of code used some P2P protocol to update itself? e.g. Gnutella or eDonkey?
>
> Has anybody seen such a "feature"?
Current thread:
- Badware update through P2P? Michel Arboi (Jul 17)
- Re: Badware update through P2P? Rob Shein (Jul 17)
- Re: Badware update through P2P? Michel Arboi (Jul 17)
- Re: Badware update through P2P? Adam [wp-ckkl] (Jul 17)
- Re: Badware update through P2P? Fabien SPAGNOLO (Jul 17)
- Re: Badware update through P2P? Mark Robinson (Jul 17)
- Re: Badware update through P2P? Rob Shein (Jul 17)