Re:Trojan Horse Detection tools(Possibly off-topic)

["Sridhar J" <sridhar.jayaraman () wipro com>]

Hi

Hi all,

Thank you all for responding. However, I feel a clarification would be
in order.

I am researching an area of concern for many companies, especially those
that outsource their software development to other companies.

Now, the legitimate concern is how can I make sure that the vendor
and/or is developers have not injected any trojan source code?

Trojan horses are not simply limited to those that record passwords into
temp files or those that send such information to other computers. If
you have read "The Cuckoo's Egg", where a developer of a banking
application used the salami attack to slice of small cents from other
accounts and put it into his account in the same bank.

This application does not record any info, connect to other sites or do
anything malicious to the computer. But it does not perform as intended
and this non-performance is deliberate.

I am looking at ways to detect it, atleast theoretically. I have done
some research and have come up with some solutions, which I could
publish in a white paper. If you know of tools that do some sort of code
checking or some techniques, please let me know.


----------
Regards
Sridhar J
----------
"What you do in this world is a matter of no consequence;The question
is, what can you make people believe that you have done."
--Sherlock Holmes in "A Study in Scarlet"

-----Original Message-----
From: Jon Pastore [mailto:jpastore () idetech net] 
Sent: Sunday, April 13, 2003 6:24 PM
To: Rahul Chander Kashyap; SECURITY-BASICS () securityfocus com
Subject: Re: Re:Trojan Horse Detection tools(Possibly off-topic)

not that I qualify as an expert in this realm but, I would suggest if
you
know the language I would look for a few basic this like search for
syntax
that open sockets for transmitting data... this should narrow your
search or
opening file handles to places that make no sense or logging info that
has
nothing to with the intended purpose of the application...

also be weary of code frmo untrusted sources it's always a good idea to
have
a test enviroment like a segmented network that has nothing to do with
your
production enviroment...

-Jon
----- Original Message -----
From: "Rahul Chander Kashyap" <rahul () nsecure net>
To: <SECURITY-BASICS () securityfocus com>
Sent: Saturday, April 12, 2003 5:42 AM
Subject: Re:Trojan Horse Detection tools(Possibly off-topic)


> Hi Sridhar,
>  As far as i know, u have to go thru the whole code because a
> trojan/backdoor
>  can be embedded into code very cleverly ;-) and even experts might
not be
>  able to detect it!
>  what i wud do if i were in ur case wud be to go thru the source code
of
> some
>  trojans/backdoors[there are many available] and try to get an idea
from
>  those :-)
>
>  [And yeah in case a tool to detect this exists,i'm looking forward to
it!]
>  All the best!
>  Regards,
>  Rahul Kashyap
>  Software Developer,
>  nSecure Software (P) Ltd.
> Bangalore-71
>  www.nsecure.net
>  ----------------------
>  Layered Defence
>  ----------------------
>  ------
>  This message is intended for the addressee only. It may contain
>  privileged or Confidential information. If you have received this
>  message in error, please notify the sender and destroy the message
>  immediately. Unauthorized use or reproduction of this message is
>  strictly prohibited.
>  ------
>
> > ----- Original Message -----
> > From: "Sridhar J" <sridhar.jayaraman () wipro com>
> > To: <security-basics () securityfocus com>
> > Sent: Friday, April 11, 2003 10:20 AM
> > Subject: Trojan Horse Detection tools(Possibly off-topic)
> >
> >
> > Hi all
> >
> > Are there any tools to detect Trojan horse code? Assume that I have
the
> > source code, but code inspection is very cumbersome and sufficient
> > expertise is needed, which is difficult to expect from developers.
> >
> > ----------
> > Regards
> > Sridhar J
> > ----------
> > "What you do in this world is a matter of no consequence;The
question
> > is, what can you make people believe that you have done."
> > --Sherlock Holmes in "A Study in Scarlet"
>
>
> -------------------------------------------------------------------
> Is SPAM over-loading your e-mail server, disk space or bandwidth?
> SurfControl E-Mail Filter is flexible, intelligent and policy-driven
> protection.
> http://www.securityfocus.com/SurfControl-security-basics2
> Download your free fully functional trial, complete with 30-days of
free
technical support.
> Stop SPAM before it stops you.
> -------------------------------------------------------------------


-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free
technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------

Attachment: Wipro_Disclaimer.txt
Description:

-------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  www.blackhat.com
-------------------------------------------------------------------