Re: Infecting the KaZaA network?

From: Alun Jones (alun@texis.com)
Date: 02/08/02


Date: Fri, 08 Feb 2002 13:58:52 -0600
To: GertJan de Leeuw <dataholic@punkass.com>
From: Alun Jones <alun@texis.com>

At 08:51 AM 2/8/2002, GertJan de Leeuw wrote:
>So the only way somebody can infect the network is ,
>injecting the first compiled version of a new
>distibution (but that is hardly impossible)

Not necessarily, one could simply find a portion of the original program
that is overspecified, or a feature that most people don't use, and write
your code into that space. If the code you replace is small enough, it'll
likely fit into a convenient block boundary, such that your code will
either be downloaded or not, and you really don't necessarily care about
infecting the whole network.

Alun.
~~~~

--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.



Relevant Pages

  • Russian Gang Hijacking PCs in Vast Scheme
    ... A criminal gang is using software tools normally reserved for computer network administrators to infect thousands of PCs in corporate and government networks with programs that steal passwords and other information, ... Mr. Stewart, who has determined that the gang is based in Russia, was able to locate a central program controlling as many as 100,000 infected computers across the Internet. ...
    (soc.retirement)
  • Re: How to find out the(the first machine) source machine being infected of infected virus
    ... > by virus. ... How can I find out which machine is the first machine being infected. ... infected, come to work and infect other unprotected PCs on the network. ...
    (microsoft.public.windowsxp.general)
  • RE: Incident response to being scanned
    ... > In reviewing my firewall and web server logs, ... > well as infect my webserver with code red. ... world's premier event for IT and network security experts. ... Training features 6 hand-on courses on May 12-13 taught by professionals. ...
    (Security-Basics)
  • Re: [Full-Disclosure] Worm of the worm?
    ... > 100% of the vulnerable population got infected due to the speed of infection. ... "Because the network telescope contains approximately 1/256th of all IPv4 ... > can describe a population that can support a viable worm population. ... How long would it take to infect all the PDP-11s on the net that are running ...
    (Full-Disclosure)
  • Re: [Full-Disclosure] Blaster: will it spread without tftp?
    ... > use a proxy server to connect to the internet. ... > corporate network and the internet or laptop users that get infected by ... > start to infect other systems... ...
    (Full-Disclosure)