But if the proxy transparently wrapped the EXE with a rootkit installer that just copied the embedded installer to a temp directory and ran it, all the digital signatures would be fine.
-david Alex Pankratov wrote: > Digitally singing .exe files before publishing and not executing > unsigned binaries on the client end would be one option. > > Alex > >> I don't see any way to protect against this aside from suggestions to >> use DNSSEC or SSL (or only use otherwise secured or switched networks.) >> In practice the attack might be complicated by the client. It's >> entirely possible the victim's resolver will get the 2nd response and >> cache that -- who knows. >> >>> But wow, I'm amazed this doesn't happen more. It seems like this >> would be the most obvious way to spread a virus. Indeed, I could >> imagine creating a proxy that auto-infects every executable file that >> comes through it (just add a silent rootkit installer that runs before >> the real installer). > > _______________________________________________ > p2p-hackers mailing list > p2p-hackers@lists.zooko.com > http://lists.zooko.com/mailman/listinfo/p2p-hackers _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers
