Re: Spyware going thru firewall
From: FromTheRafters (!0000@nomad.net)Date: 06/30/02
- Previous message: Ed Meloan: "Re: Kerio PFW Rule to allow Norton AntiVirus Updates"
- In reply to: Art Kopp: "Re: Spyware going thru firewall"
- Next in thread: John Roth: "Re: Spyware going thru firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "FromTheRafters" <!0000@nomad.net> Date: Sat, 29 Jun 2002 21:20:22 -0400
"Art Kopp" <artnpeg@nowhere.com> wrote in message
news:3d1e5134.43488213@news.epix.net...
> Say for example you have given permission to IE to access the
> internet. That means the iexplore.exe program has permission. All a
> Trojan has to do is rename iexplore.exe to foo.exe and then name its
> "dirty worker" program iexplore.exe. Once "dirty worker" is finished,
> control is passed to foo.exe which makes you think everything is
> normal except perhaps IE may seem slower to load than usual. You see?
> Very simple :)
Another example is when the trojan name is iexp1ore.exe, iexpiore.exe,
iexplore .exe, or other visually similar spellings. When your firewall asks
if you want it to access the internet, you grant it permission, and never
notice the error. There are many ways to insinuate programs into the
startup axis, and to trick users into allowing access to the internet.
- Previous message: Ed Meloan: "Re: Kerio PFW Rule to allow Norton AntiVirus Updates"
- In reply to: Art Kopp: "Re: Spyware going thru firewall"
- Next in thread: John Roth: "Re: Spyware going thru firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
