Will this work??

From: Mackster (Mackster_at_discussions.microsoft.com)
Date: 09/10/05


Date: Fri, 9 Sep 2005 23:38:02 -0700

Hi,
Just a question if this theory will work, if not, then it was worth a try
asking :-)
Currently Microsoft offers MSN Messenger, Yahoo offers the Yahoo Messenger,
and there are other such products. In all these chat products there is a
facility to use them using an HTTP proxy, the information and settings for
which are stored in the Registry (using regedit you can find it).
What if a worm was made, which created a proxy on the infected machine,
changed the registry settings such that the HTTP proxy was said to use
127.0.0.1 as the Proxy server, and any port can be used. Now, taking MSN
Messenger as an example, if the Worm, let's say, ran the proxy on Port 1999 and
changed the registry for MSN Messenger to use to connect to the internet
using HTTP proxy on port 1999. Now, as the MSN will connect through the Worm
Proxy, the worm will have the data incoming and outgoing being sent by the
MSN messenger, so
1. A window can be opened on the Chat data and the data can be captured
To spread, MSN messenger offers the user to transfer files, as now the Worm
can have a look at the data being sent and received by the Messenger, it can
easily modify the file being sent and attach itself or rather send itself
first instead of the file, or send itself by attaching the file being sent
underneath it to infect the other PC to which the file is being transferred
over MSN.
Once on the other PC, if the file being sent is an executable, or let's say if
the file being sent was a zip file, called filexxxx.zip, the worm changes the
file, attaches the zip file underneath it, renames the file to
filexxx.zip.pif. When the User on the other side of the chat clicks on the
file being sent, the worm gets executed, which first makes the required
changes so that it loads as soon as Windows starts and changes the settings
for next time. It then extracts the actual file being sent and executes the
appropriate command to open the file, so that the user does not know that a
worm was executed on his / her machine.

This is just an idea, and I am not that sure this can be done, but if this
can be done, won't it have the potential of infecting a whole lot of
computers, and from the Worm Proxy, this can be used to become a backdoor or
a trojan.

Well, just an idea. Will this work ???
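
A defender's check for the two artifacts the post describes, a messenger proxy setting that points at the local machine and a received file named like filexxx.zip.pif, added here as an example and not part of the original post. The application names, sample values and extension lists are constructed assumptions; the proxy values are passed in as strings rather than read from any particular registry key.

```python
import ipaddress
import re

# Assumption: extensions Windows runs on double-click, and decoy types they hide behind.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".lnk", ".vbs"}
DECOY_EXTS = {".zip", ".rar", ".doc", ".pdf", ".jpg", ".gif", ".txt", ".mp3"}


def proxy_points_to_loopback(setting):
    """True if any entry of a 'host:port' or 'http=host:port;...' proxy value is local."""
    for entry in setting.split(";"):
        entry = entry.strip().split("=", 1)[-1]                # drop 'http=' style prefix
        entry = re.sub(r"^[a-z]+://", "", entry, flags=re.I)   # drop 'http://'
        if entry.startswith("["):                              # bracketed IPv6 literal
            host = entry[1:entry.find("]")]
        else:
            host = entry.rsplit(":", 1)[0] if ":" in entry else entry
        if host.lower() == "localhost":
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            pass                                               # a hostname, not an IP literal
    return False


def deceptive_double_extension(filename):
    """True for names like 'report.zip.pif': decoy extension followed by an executable one."""
    base = re.split(r"[\\/]", filename)[-1].lower()
    exts = ["." + part.strip() for part in base.split(".")[1:]]  # strip() defeats space padding
    return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS


def audit(proxy_settings, received_files):
    """Return a sorted list of (kind, item) findings for the given inventory."""
    findings = [("loopback-proxy", app) for app, value in proxy_settings.items()
                if proxy_points_to_loopback(value)]
    findings += [("double-extension", name) for name in received_files
                 if deceptive_double_extension(name)]
    return sorted(findings)


# Constructed sample inventory (not real host data).
SAMPLE_PROXIES = {"messenger-a": "127.0.0.1:1999", "messenger-b": "proxy.example.com:8080"}
SAMPLE_FILES = ["filexxx.zip.pif", "holiday.jpg", "tools.zip"]

if __name__ == "__main__":
    for kind, item in audit(SAMPLE_PROXIES, SAMPLE_FILES):
        print(kind, item)
```

A loopback proxy is not proof of compromise, since local filtering tools use one too; a hit is a prompt to check which process owns the listening port.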