
> -----Original Message-----
> From: Ari Weisz-Koves [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 07, 2001 12:01 AM
>
> [...] 
> Correct me if I'm wrong with the details, but with Windows 95/98/NT/2000
> wouldn't the trojan have to figure out the network interfaces, install
> a packet driver, reboot the system then run itself again to begin
> the attack?

Uhm... no. The latest version of WinPCap installs without requiring a
reboot. So, someone can write a trojan that silently installs WinPCap
and uses its packet functions to send and receive packets. The scary
part is that these trojans could bypass personal firewall software
since they are listening in promiscuous mode. (Personal IDS
software would still catch them though.)

> Sure, someone out there is probably good enough to write this, but
> the majority of vicious virus-writing pranksters wouldn't have the skills to
> write one in a way that wouldn't suspiciously reboot the system or show up
> in some blaringly obvious way to the end user. Isn't this just above the skill
> level of the majority of virus writers?

hehe... a lot of virus writers just copy, or use 'virus construction
kits'. However, the risk is there that someone smart will write a kit
that will use their own packet routines. Once such a kit is
available, all the script kiddies and virus-copy-cats can use it.
It's just a matter of time...

Regards,
Frank
