Vulnerability Development mailing list archives

Re: ssh trojaned

From: loki_ () softhome net
Date: Mon, 5 Aug 2002 17:51:41 +0200

Hi,

On Mon, Aug 05, 2002 at 09:02:38AM -0500, Nick Lange wrote:

From: "Nick Lange" <nicklange () wi rr com>
To: <vuln-dev () securityfocus com>
Subject: Re: Re: ssh trojaned
Date: Mon, 5 Aug 2002 09:02:38 -0500
X-Mailer: Microsoft Outlook Express 5.50.4807.1700

            ^^^^^^^^^^^^^^^^^^^^^^^^^
            Warning: You are using software from Microsoft.

or perhaps, if I am mirror A have a watchdog script compare my md5 sum to
every other md5 sum accross the mirrors, and take some action should the
ratio of unmatching MD5's falls below a certain percentage...


that would not work because a smart attackor would serve the correct
file and hash to the watchdog scripts, iss.com, and so on and
serve the trojaned file to presumedly unsuspecting victims only.
iirc, the trojaned version of epic was served to specific ip ranges
only.

--loki

Current thread:

ssh trojaned Steve Wright (Aug 01)
- Re: ssh trojaned Ron DuFresne (Aug 02)
  - Re: ssh trojaned Dan Cuthbert (Aug 02)
- <Possible follow-ups>
- Re: ssh trojaned Eirik Seim (Aug 02)
- RE: ssh trojaned Fabrizio Siciliano (Aug 02)
  - RE: ssh trojaned Rory Savage (Aug 02)
- Re: Re: ssh trojaned wozz (Aug 02)
  - RE: Re: ssh trojaned Joe Harrison (Aug 03)
  - Re: Re: ssh trojaned Nick Lange (Aug 05)
    - Re: ssh trojaned loki_ (Aug 05)
    - Re: ssh trojaned Nick Lange (Aug 05)
    - Re: ssh trojaned Joakim Andersson (Aug 05)
    - Re: ssh trojaned Clemens 'Gullevek' Schwaighofer (Aug 06)
    - Re: ssh trojaned Andreas Krennmair (Aug 06)
    - Re: ssh trojaned Alex Lambert (Aug 06)
    - Message not available
    - Re: ssh trojaned Clemens 'Gullevek' Schwaighofer (Aug 07)
    - Re: Re: ssh trojaned Jonas Anden (Aug 05)
    - Re: Re: ssh trojaned Tan Wee Yeh (Aug 05)
    - Re: Re: ssh trojaned Thomas Cannon (Aug 05)
- Re: ssh trojaned Grudge Mason (Aug 02)

(Thread continues...)