Firewall Wizards mailing list archives
RE: Security of HTTPS
From: "Dave Piscitello" <dave () corecom com>
Date: Tue, 30 Nov 2004 12:10:15 -0500
On 27 Nov 2004 at 10:04, Paul D. Robertson wrote:
2. Do they pose as legit web sites to unsuspecting users, or hiding in the guise of a famous web site but in fact doing a MITM attack?That happens too, for instance, recently there's been a spate of Windows malware changing hosts file entries to get the site's traffic redirected to them, even if the user types the URL in their browser.
Modifying or substituting hosts.txt is common to browser hijacking spyware and spyware that install RATs. Pestpatrol identifies NetBus and the "paradise" family among spyware that monkey with hosts files. Coolwebsearch variants are notorious for this. Merijn's written an extensive investigation into CWS at http://www.spywareinfo.com/~merijn/cwschronicles.html Minor plug. If you're interested in more, visit my spyware information page at hhi.corecom.com/spyware.htm - nothing to purchase unless you visit an ad by google:-) _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Security of HTTPS Ben Nagy (Dec 02)
- <Possible follow-ups>
- RE: Security of HTTPS Dave Piscitello (Dec 02)
- Re: Security of HTTPS Kevin (Dec 05)
- RE: Security of HTTPS Ben Nagy (Dec 07)
- Re: Security of HTTPS David Lang (Dec 26)