Full Disclosure mailing list archives
RE: Backdoor not recognized by Kaspersky
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 3 Mar 2004 19:01:30 -0500
> if you can read the user's login credentials to his corporate mailserver you are far
> better off.

Rather casually put. How would you do this? I've heard how Swen asks the user for their credentials, but if you know a general crack for obtaining them I'd say that's news.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer () ziffdavis com

-----Original Message-----
From: Thor Larholm [mailto:thor () pivx com]
Sent: Wednesday, March 03, 2004 6:47 PM
To: Larry Seltzer; Mike Barushok; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Backdoor not recognized by Kaspersky

SMTP authentication will not do much to stop viruses from spreading. Some viruses are already moving away from just implementing their own SMTP server to reusing whatever SMTP credentials you have on your machine. Having your own SMTP engine is a nice fallback solution just in case, but if you can read the user's login credentials to his corporate mailserver you are far better off.

Imagine us all implementing SPF, Caller ID or Domain Keys - what would happen? We would all have to use a mail server that has implemented one of these 'solutions'. Naturally, virus writers would then just reuse your SMTP login credentials to spew their virus through that same MTA.

Another quick workaround to SPF, Caller ID and Domain Keys has already been implemented by spammers for a year or so. The only premise behind S/C/D is that you are trusted if you have access to a DNS server. Spammers are using compromised machines not only as SMTP servers, but also web servers and DNS servers. The end result is that spammers have already completely circumvented all three solutions way before they were ever implemented.

Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor () pivx com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation".
Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net>

-----Original Message-----
From: Larry Seltzer [mailto:larry () larryseltzer com]
Sent: Wednesday, March 03, 2004 1:38 PM
To: 'Mike Barushok'; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Backdoor not recognized by Kaspersky

> I feel the need to address the problem from an ISP perspective, since the corporate
> and government and other institutional perspective seems to give different answers.
> And because the ISP end user problem is still the majority of the reservoir for
> viruses (and spam proxy/relay/trojans).

I really feel for you guys. As I've argued in another thread, I think SMTP authentication will likely cut this stuff down to a trickle compared to the current volume. As an ISP, how big a problem would you have with that?

An even better question: Would you have a problem implementing SPF, Caller ID and Domain Keys (i.e. all 3)? It gets to the same issue of changing practices for your users: at some point you have to either bounce or segregate mail that doesn't authenticate.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html