Firewall Wizards mailing list archives

RE: Security of HTTPS


From: "Dave Piscitello" <dave () corecom com>
Date: Tue, 30 Nov 2004 12:10:15 -0500

On 27 Nov 2004 at 10:04, Paul D. Robertson wrote:

> > 2. Do they pose as legit web sites to unsuspecting
> > users, or hiding in the guise of a famous web site but
> > in fact doing a MITM attack?
>
> That happens too, for instance, recently there's been a spate of
> Windows malware changing hosts file entries to get the site's traffic
> redirected to them, even if the user types the URL in their browser.

Modifying or substituting hosts.txt is common to browser hijacking 
spyware and spyware that installs RATs. PestPatrol identifies NetBus 
and the "paradise" family among spyware that monkey with hosts files.
CoolWebSearch variants are notorious for this. Merijn's written an 
extensive investigation into CWS at 
http://www.spywareinfo.com/~merijn/cwschronicles.html

Minor plug. If you're interested in more, visit my spyware 
information page at hhi.corecom.com/spyware.htm - nothing to purchase 
unless you visit an ad by google:-) 


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
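
An added example, not part of the original message or written by its author: a defender's audit of hosts-file content for the kind of redirection discussed in this thread. The watched domain, the sample entries and the function names are constructed for illustration.

```python
import ipaddress

# Names that legitimately appear in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2:
            continue                               # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue                               # first field is not an address
        for name in fields[1:]:                    # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched):
    """Return findings as (severity, line_no, hostname, ip) tuples.

    "high":   a watched domain (or a subdomain of it) is pinned at all.
    "review": any other non-local name mapped to a routable address.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append(("high", line_no, name, str(ip)))
        elif not (ip.is_loopback or ip.is_unspecified):
            findings.append(("review", line_no, name, str(ip)))
    return findings

# Constructed sample input (documentation address ranges, example domains).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example bank.example   # redirected entry
0.0.0.0         ads.tracker.example
198.51.100.7    intranet.corp.example
"""
WATCHED = {"bank.example"}   # assumption: domains your users authenticate to

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(*finding)
```

On a live system, pass the function the contents of the machine's hosts file and compare findings against a known-good baseline for that host.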

