Re: Trojan Horses Popular To The Malicious Hackers
From: Me (no_address_for_stinking_spammers_to_abuse@x-ray.gs)
Date: 11/19/02
- Next message: mhicaoidh: "Re: Trojan Horses Popular To The Malicious Hackers"
- Previous message: Bill Sanderson: "Re: Trojan Horses Popular To The Malicious Hackers"
- In reply to: Karl Levinson [x y] mvp: "Re: Trojan Horses Popular To The Malicious Hackers"
- Next in thread: mhicaoidh: "Re: Trojan Horses Popular To The Malicious Hackers"
- Reply: mhicaoidh: "Re: Trojan Horses Popular To The Malicious Hackers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Me <no_address_for_stinking_spammers_to_abuse@x-ray.gs> Date: Tue, 19 Nov 2002 17:35:21 -0500
On Tue, 19 Nov 2002 14:17:12 -0500, "Karl Levinson [x y] mvp"
<levinson_k@excite.com> wrote:
>There are some known trojan tools which can disable your personal firewall
>software while making it appear to continue working.
>
>For firewalls like Zone Alarm and Sygate which can block certain .EXE file
>names from accessing the network, there are known trojans and methods which
>can make the communication appear to come from a generally trusted
>executable such as IEXPLORE.EXE. Other firewalls don't watch the name of
>the file generating the traffic, so as long as the trojan is not using a
>restricted port, these firewalls would let the trojan right out.
Excellent. There's one more trick that can be useful. Ever notice how
Zone Alarm requests permission to allow an unapproved process to
access the WAN? You just write the bug to activate the "OK" button
before the alert window ever has a chance to pop up, LOL. Oldami
posted a proof of concept on it a while back.
<repost of archived oldami post>
Message-ID: <b2xkYW1p.f844da76d77d79428e14e820e0915ee6@1026002686.cotse.net>
Date: Sat, 6 Jul 2002 20:44:46 -0400 (EDT)
Newsgroups: alt.hackers.malicious
Subject: how to bypass zone alarm
From: "oldami" <oldami-no-spam-no-spam@cotse.org>
Probably nobody cares, but here it is anyway
ZAdodge.c Zone Alarm Dodge by oldami
Proof of concept to demonstrate one of the weaknesses of
host based firewalls.
This is for educational purposes only.
I will not be responsible for any misuse of this information.
Concept: Zone alarm will prompt the user before allowing an unknown
program to make an outgoing connection to the internet. All a program
needs to do is make the zone alarm program think the user has pressed
some keys to respond to the prompt.
note: The SendInput function only works in Win98 and later.
This was developed and tested on WinNT 4.0 SP6a but should
work on anything later than Win98.
Author: oldami@cotse.net
complete source at
http://www.cotse.net/users/oldami/zadodge.c
-oldami
</repost of archived oldami post>
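
A defensive counterpart to the concept in the reposted message, added here as an example and not taken from either post or from Zone Alarm: a consent prompt that refuses keystrokes flagged as synthesized or arriving before the prompt has been visible for a minimum time. The two flag values mirror Windows' `KBDLLHOOKSTRUCT` bits; `key_event`, `prompt_key_verdict`, `count_rejected` and the 750 ms threshold are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Real Windows KBDLLHOOKSTRUCT.flags bit values, mirrored so this compiles
   without <windows.h>. */
#define LLKHF_LOWER_IL_INJECTED 0x00000002u /* injected from lower integrity level */
#define LLKHF_INJECTED          0x00000010u /* synthesized, e.g. by SendInput */
#define MIN_VISIBLE_MS 750 /* assumed policy: prompt must be visible this long */

/* Hypothetical, trimmed stand-in for KBDLLHOOKSTRUCT. */
typedef struct {
    uint32_t flags;   /* LLKHF_* bits */
    uint32_t time_ms; /* event timestamp (tick count) */
} key_event;

typedef enum { KEY_ACCEPT, KEY_REJECT_INJECTED, KEY_REJECT_TOO_EARLY } key_verdict;

/* Decide whether a keystroke may answer the "allow this program?" prompt. */
key_verdict prompt_key_verdict(const key_event *ev, uint32_t prompt_shown_ms)
{
    if (ev->flags & (LLKHF_INJECTED | LLKHF_LOWER_IL_INJECTED))
        return KEY_REJECT_INJECTED;
    /* Signed difference: negative means the key predates the prompt, and the
       result stays correct across tick-counter wraparound. */
    int32_t visible_for = (int32_t)(ev->time_ms - prompt_shown_ms);
    if (visible_for < MIN_VISIBLE_MS)
        return KEY_REJECT_TOO_EARLY;
    return KEY_ACCEPT;
}

/* Count rejected events; non-zero is worth logging as a possible attempt to
   answer the prompt programmatically. */
size_t count_rejected(const key_event *evs, size_t n, uint32_t prompt_shown_ms)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (prompt_key_verdict(&evs[i], prompt_shown_ms) != KEY_ACCEPT)
            rejected++;
    return rejected;
}

int main(void)
{
    /* Constructed events; the prompt is shown at t = 1000 ms. */
    key_event evs[] = { {LLKHF_INJECTED, 1001}, {0, 1100}, {0, 2400} };
    printf("rejected %zu of 3\n", count_rejected(evs, 3, 1000));
    return 0;
}
```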