Re: Terrifying results from online test

From: Ken Russell (kenrussellmyhat_at_optushome.com.au)
Date: 12/10/04

  • Next message: Joe: "Re: Terrifying results from online test" 
    Date: Fri, 10 Dec 2004 23:51:51 +1100

    Symantic reports the program as spyware;
    http://securityresponse.symantec.com/avcenter/venc/data/spyware.pcaudit.html 

    -- 
Ken Russell
kenrussellyourhat@optushome.com.au
Remove yourhat to reply by e-mail
.
<spamme2@mailinator.com> wrote in message 
news:1102644916.365254.82490@f14g2000cwb.googlegroups.com...
>I did this test, which simulates an unknown Trojan attack on a windoze
> computer.  The program successfully bypasses my beloved (and well
> configured) Kerio firewall.  It also evades my universities hardware
> firewall, which is configured very well (the admins are the block all
> apart from port 80 type :-( )
> Check out PCAudit from http://www.pcinternetpatrol.com/page/view/49
> The program works by causing applications that have the privileges to
> connect to the internet to upload data to their server.
> I thought I would be safe because I configure kerio so it only permits
> outbound connections to IP addresses of the resources that I connect
> to, for example smtpserver:25, nntpserver:119, pop3server:110 and
> proxy:8080
> PCAudit appears to scan its way out.  Even when I click deny it gets
> through!
> The company behind PCAudit have publicised a vulnerability that affects
> almost all firewalls.  Their PCAudit program could easily be reverse
> engineered by crackers, and then a real and more malicious Trojan could
> be produced that bypasses almost all firewalls.
>
> What do you guys think of this?  Did you pass the test (without
> unplugging your internet wire/blocking all traffic Lol)?
>
  • Next message: Joe: "Re: Terrifying results from online test"

    Relevant Pages

    • Terrifying results from online test
      ... The program successfully bypasses my beloved (and well ... configured) Kerio firewall. ... PCAudit appears to scan its way out. ...
      (alt.computer.security)
    • Re: Terrifying results from online test
      ... The program successfully bypasses my beloved (and well ... > configured) Kerio firewall. ... > PCAudit appears to scan its way out. ...
      (alt.computer.security)
    • Terrifying results from online test
      ... The program successfully bypasses my beloved (and well ... configured) Kerio firewall. ... PCAudit appears to scan its way out. ...
      (alt.computer.security)
    • Re: Terrifying results from online test
      ... The program successfully bypasses my beloved (and well ... > configured) Kerio firewall. ... > PCAudit appears to scan its way out. ...
      (alt.computer.security)
    • Re: trojan horse?
      ... What version of 'kerio firewall' are you using? ... It cannot stop you downloading poo from ... Internet Explorer springs to mind here. ...
      (alt.computer.security)