Penetration Testing mailing list archives

Re: [PEN-TEST] penetrating trojan


From: David Knaack <dknaack () RDTECH COM>
Date: Wed, 6 Dec 2000 11:14:36 -0600

From: "Joakim Sandström" <jode () TRIBALSTORM COM>
> When I quit developing on this one I was working on a Packet Relay
> Network to make it even harder to track back to the attacker if he
> has infected more than 1 computer on your network.

This relates to a question I had a few weeks ago.  After examining
a rather sophisticated mIRC script and supporting programs that were
used to create 'zombie' systems that sat in an IRC channel awaiting
commands, it occurred to me that such a system could be made much
more difficult to detect and disable by creating the client to work
as a distributed peer-to-peer network, à la Gnutella.

Development wouldn't even be that difficult, given that code could
be lifted directly from the various Gnutella-like projects to handle
the network side.  With a little bit of modification commands could
be broadcast to all hosts on the network with only one host ever
knowing the identity of the master (and even that could be hidden
fairly well).

I'm curious if any such tools are already known.

DK

