Dailydave mailing list archives

Re: Some Propaganda.


From: "Marek Bialoglowy" <bialoglowy () gmail com>
Date: Fri, 17 Nov 2006 02:47:03 +0700

Piotr, it's impressive. Following our discussion in e-mail, I think
your project will have a huge impact on the security industry. What I
believe could be most impressive is the possibility of instant
creation of worm-infected binaries thanks to the metamorphic engine
that you are currently testing. I mean, if your metamorphic engine is
good enough, within a few clicks anyone could integrate malicious code
such as known worms/keyloggers etc. into any binary and most likely it
would not be detected by AV software, even if the original binary is
already in AV virus signatures. Now, how about taking any known worm
and within a few clicks creating a mutation that will be undetectable to
AV software? It's a pretty serious thing.

Moreover, I think the freeSHELL.exe shows how easy it is to integrate
a customised backdoor into any binary. Previously it'd take at least a few
days to create such a backdoor; with your tool it's only a matter of a few
minutes. It's very impressive to see that someone managed to develop
this type of tool. Actually, with this tool it would be trivial to
integrate a backdoor into any application that is commonly used by
system administrators, and I don't think it's easy to detect, as keeping
track of binary checksum changes in days when applications
auto-update quite frequently is unlikely. Well, the fun thing is also the
possibility of placing a backdoor into a specific part of the code, like
in your example a shell-code executing after the user starts a new game.
I.e. if a backdoor is integrated into a web-browser and the system admin
opens a web-site, nothing happens. However, as soon as he/she opens the
browser configuration options, the malicious shell code will be executed,
and as you can imagine this can be anything. What an interesting way
of creating backdoors.

Regards,

 Marek Bialoglowy, IT Security Researcher, PGPkey ID: 0x962D7036
 Location: Jakarta, Indonesia | JAVT, GMT+7
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
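The post argues that checksum tracking is impractical as a defence because binaries auto-update so often. The following is an added example, not part of the original post or of Piotr's project, showing the defender-side approach that caveat points at: a SHA-256 baseline of a directory, a comparison that reports modified, added and removed files, and a set of independently verified hashes (assumed here to come from a trusted source such as a vendor's published checksums) so that a legitimate update is distinguished from an unexpected modification of the same file. The directory tree and "vendor update" in `run_demo()` are constructed for the illustration.

```python
"""File-integrity baseline for spotting modified binaries.

Added example (not from the mailing-list post). Records SHA-256 hashes of
every file under a directory, then classifies differences on a rescan.
Hashes in `trusted_hashes` are an assumed input: digests you obtained and
verified independently (e.g. a vendor's published checksums for an update).
"""
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """Return the SHA-256 hex digest of a file, reading it in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root: str | Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its hash."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_baseline(baseline: dict[str, str], dest: str | Path) -> None:
    """Persist the baseline as sorted JSON so it can be diffed and signed."""
    Path(dest).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: str | Path) -> dict[str, str]:
    return json.loads(Path(src).read_text())


def compare(baseline: dict[str, str], current: dict[str, str],
            trusted_hashes: set[str] | frozenset[str] = frozenset()) -> dict[str, list[str]]:
    """Classify differences between a stored baseline and a fresh scan.

    A changed file whose new hash appears in trusted_hashes is reported as
    'updated' (an expected, verified release); any other change is 'modified'
    and deserves investigation regardless of how often the product updates.
    """
    report: dict[str, list[str]] = {"modified": [], "updated": [], "added": [], "removed": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            report["removed"].append(name)
        elif name not in baseline:
            report["added"].append(name)
        elif baseline[name] != current[name]:
            bucket = "updated" if current[name] in trusted_hashes else "modified"
            report[bucket].append(name)
    return report


def run_demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small tree, then change it four ways."""
    root = Path(tempfile.mkdtemp(prefix="fim-demo-"))
    (root / "admin-tool.exe").write_bytes(b"original tool bytes")
    (root / "plugins").mkdir()
    (root / "plugins" / "helper.dll").write_bytes(b"helper v1")
    (root / "readme.txt").write_bytes(b"docs")
    baseline = build_baseline(root)

    # 1. Legitimate auto-update: the vendor publishes the hash of helper v2
    #    (assumed trusted input), so this change should be classed 'updated'.
    vendor_v2 = b"helper v2"
    trusted = {hashlib.sha256(vendor_v2).hexdigest()}
    (root / "plugins" / "helper.dll").write_bytes(vendor_v2)
    # 2. Unexpected change to the main binary: no trusted hash matches it.
    (root / "admin-tool.exe").write_bytes(b"original tool bytes" + b"\x00extra")
    # 3. A file removed and 4. a file that was never in the baseline.
    (root / "readme.txt").unlink()
    (root / "dropped.dat").write_bytes(b"new file")

    return compare(baseline, build_baseline(root), trusted)


if __name__ == "__main__":
    for category, names in run_demo().items():
        print(f"{category:9s} {names}")
```

The point of the `trusted_hashes` set is that frequent updates do not have to defeat integrity monitoring: the monitor only needs a source of verified digests for expected releases, and everything else that changes still surfaces as a finding. A baseline stored where the monitored host can rewrite it is itself a target, so in practice the JSON would be kept off-host or signed.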