Re: detecting trojan horses

From: Gerald Vogt (vogt_at_spamcop.net)
Date: 05/20/04


Date: Thu, 20 May 2004 12:07:33 GMT

Hello, whatever your name is,

> 1. Computer "A" has no physical connection to the internet; and
> also has no hardware capable of effective internet connectivity,
> i.e., for example, an ethernet card.
>
> 2. Computer "B" is connected to the internet.
>
> 3. Data and files exchanged between Computer "A" and Computer
> "B" occurs only via CD-Rom R/W Disk hand carried between
> computers.
>
> Inquiries?
>
> 1. Can a trojan horse or other malicious electronic intruder
> first, infect Computer "B;" second, "hide" undetected on the CD-
> Rom R/W Disk (say within an authorized file copied from
> Computer "B"); third, infect Computer "A;" and fourth, copy
> files from Computer "A" to the CD-Rom R/W Disk?

First, theoretically anything is possible. Whenever you transfer data
between two points, it may have been infected. The only way to avoid this is
to transfer only plain text and read the text before transfer and make
sure yourself it is O.K.

I am not sure, though, how many viruses nowadays still do the infection
of existing documents or programs. Years ago, before the rise of the
Internet, when data was usually exchanged on disks (you know Windows 3.1
on 12 FDDs and earlier? ;-) This was common practice: The virus
basically replaced or added some code or put itself somewhere in a
document (Word macro viruses) or certainly it infected the boot block.

I am not sure how common this still is nowadays. But it is definitely
possible.

> 2. If so, could such unauthorized copying of files onto the CD-
> Rom R/W Disk from Computer "A" remain undetected, even with an
> inspection of the CD-Rom R/W Disk via the "Run" Command of the
> Windows operating system?

Is that, you want to run a program you have copied from the internet or
the other computer? If you run it, yes. Definitely. A virus should be
able to quite easily replace an existing DLL or EXE of a program with
its own code and the original DLL or EXE in the "backpack". When you
start the program, it executes the viral code that makes itself
permanent in the memory and then just runs your original EXE. So you
will actually never notice as the program runs as normal...

> 3. Moreover, if the answer to Inquiry No. 1 is affirmative,
> could the trojan horse also first, hide undetected within an
> authorized file copied to the CD-Rom R/W Disk (from Computer
> "A"); and second, instruct dispatch of the authorized file to
> unauthorized locations via Computer "B."

Well, as we've got some data from A to B we can get data from B to A as
well. It should be even easier now that both computers are infected with
the same virus...

Gerald
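
An added example, not part of the original post: one way to check a transfer disk for the two cases discussed above (a program whose code has been replaced, and files placed on the disk that nobody authorized) is to record SHA-256 hashes of the disk contents when it is written and compare them before anything on it is run. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def compare_manifests(expected, actual):
    """Report files that changed, appeared, or vanished since `expected`."""
    return {
        "modified": sorted(p for p in expected
                           if p in actual and expected[p] != actual[p]),
        "added": sorted(p for p in actual if p not in expected),
        "missing": sorted(p for p in expected if p not in actual),
    }


def demo():
    """Constructed scenario: a directory standing in for the disk, then tampered."""
    with tempfile.TemporaryDirectory() as disk:
        def write(rel, data):
            with open(os.path.join(disk, rel), "wb") as fh:
                fh.write(data)
        write("report.txt", b"quarterly numbers\n")
        write("tool.exe", b"MZ original program bytes")
        baseline = build_manifest(disk)  # recorded when the disk is written
        # Constructed tampering: program body replaced, extra file on the disk.
        write("tool.exe", b"MZ altered code + original program bytes")
        write("notes_copy.doc", b"file never authorized for transfer")
        return compare_manifests(baseline, build_manifest(disk))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The comparison only helps if the baseline is recorded from a known-good state and kept off the disk being checked; a manifest produced on an already infected machine records the altered files as expected.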


