Re: Will this work??

From: Mackster (Mackster_at_discussions.microsoft.com)
Date: 09/11/05


Date: Sat, 10 Sep 2005 23:42:02 -0700

Thank you.

First I would like to make it clear I am not making a virus or a worm. This
was just an idea that came to my mind, and it was one of those "what if this
can be done, won't that be a problem" questions.

Second, if I were making a virus, why would I use Microsoft's newsgroup and
where when you reply to a post it says that my IP will be tracked?

But thank you Patrick for the information as to that the theory will work,
but in practice it's not that much possible, that was all that I was looking
for as an answer.

Malke, this was not more of a question on how to protect myself, it was more
of a question where if this is possible, it's not that I am making something
like this, but yes sure I would like to know if this is possible and what
steps should I be taking to avoid so yeah in a general it was a two part
question, protect plus possibility.

Phil, I tried to search for other areas of Microsoft to post this question
as to find out the possibilities and just that, I must have misread the
objective of this newsgroup.

And again, thank you for answering that all I wanted to know was if this is
possible, and from your responses it shows that it is not as MSN protects
against such things.

I was not happy with the word stupid as I just was asking for some knowledge
as per technical knowledge and nothing more than that.

-- 
Mackster
"Patrick Dickey" wrote:
> Mackster wrote:
> > Hi,
> > Just a question if this theory will work, if not, then it was worth a try 
> > asking :-)
> > Currently Microsoft offers MSN Messenger, Yahoo offers the Yahoo Messenger, 
> > and there are other such products. In all these chat products there is a 
> > facility to use them using an HTTP proxy, the information and settings for 
> > which are stored in the Registry (using regedit you can find it). 
> > What if a worm was made, which created a proxy on the infected machine, 
> > changed the registry settings such that the HTTP proxy was said to use 
> > 127.0.0.1 as the Proxy server, and any port can be used. Now, taking MSN 
> > Messenger as an example, if the Worm let's say ran the proxy on Port 1999 and 
> > changed the registry for MSN Messenger to use to connect to the internet 
> > using HTTP proxy on port 1999. Now, as the MSN will connect through the Worm 
> > Proxy, the worm will have the data incoming and outgoing being sent by the 
> > MSN messenger, so 
> > 1. A window can be opened on the Chat data and the data can be captured 
> > To spread, MSN messenger offers the user to transfer files, as now the Worm 
> > can have a look at the data being sent and received by the Messenger, it can 
> > easily modify the file being sent and attach itself or rather send itself 
> > first instead of the file, or send itself by attaching the file being sent 
> > underneath it to infect the other PC to which the file is being transferred 
> > over MSN. 
> > Once on the other PC, if the file being sent is an executable, or let's say if 
> > the file being sent was a zip file, called filexxxx.zip, the worm changes the 
> > file, attaches the zip file underneath it, renames the file to 
> > filexxx.zip.pif. When the User on the other side of the chat clicks on the 
> > file being sent, the worm gets executed, which first makes the required 
> > changes so that it Loads as soon as Windows starts and changes the settings 
> > for next time. It sent extract the actual file being sent and executes the 
> > appropriate command to open the file, so that the user does not know that a 
> > worm was executed on his / her machine.
> > 
> > This is just an idea, and I am not that sure this can be done, but if this 
> > can be done, won't it have the potential of infecting a whole lot of 
> > computers, and from the Worm Proxy, this can be used to become a backdoor or 
> > a trojan. 
> > 
> > Well, just an idea. Will this work ??? 
> > 
> 
> In theory, this would work.  However, in the instance of MSN Messenger,
> a lot of file types are being blocked.  So, if the worm uses one of
> those types, the person who is already infected *should* get a message
> saying that Messenger blocked the sending of potentially unsafe file...."
> 
> Basically at this point in time, EVERYTHING that could possibly execute
> on your computer (exe, bat, com, pif, cmd, vbs (I believe, as I haven't
> tried this), etc.) are blocked.
> 
> But, like I said.. In theory this would work.  I know MSN Messenger also
> uses your Internet Explorer options.  But, I'm not sure about Yahoo at
> all, or AIM for that matter.
> 
> HTH
> 
> -- 
> Patrick Dickey <pd1ckey43@removethis.msn.com>
> http://www.pats-computer-solutions.com
> Smile..  someone out there cares deeply for you.
>
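
A defender's check for the two signals raised in this thread, a proxy setting that points back at the local machine and a transferred file whose harmless-looking name ends in one of the blocked extensions Patrick lists. This is an added example, not part of the original posts. The function names are hypothetical, and the proxy string format ("host:port" or "proto=host:port;...") is an assumption about how the setting is stored.

```python
import ipaddress

# Executable types the reply above names as blocked by Messenger.
BLOCKED_EXTENSIONS = {"exe", "bat", "com", "pif", "cmd", "vbs"}


def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def loopback_proxies(proxy_value):
    """Return the proxy entries in a setting string that point at this machine.

    Assumed format: "host:port" or "proto=host:port;proto=host:port".
    """
    hits = []
    for entry in filter(None, (e.strip() for e in proxy_value.split(";"))):
        # Drop an optional "proto=" prefix and an optional "scheme://".
        target = entry.split("=", 1)[-1].split("://", 1)[-1]
        host, _, _port = target.rpartition(":")
        host = (host or target).strip("[]").lower()
        if _is_loopback(host):
            hits.append(target)
    return hits


def is_disguised_executable(filename):
    """True for names such as filexxx.zip.pif: a blocked final extension
    hidden behind a harmless-looking one."""
    # Windows ignores trailing dots and spaces, so strip them first.
    parts = filename.strip().rstrip(". ").lower().split(".")
    return len(parts) >= 3 and parts[-1] in BLOCKED_EXTENSIONS


if __name__ == "__main__":
    # Constructed sample values, not data from a real machine.
    for value in ("127.0.0.1:1999", "http=proxy.example.com:8080"):
        print(value, "->", loopback_proxies(value) or "ok")
    for name in ("filexxx.zip", "filexxx.zip.pif"):
        print(name, "->", "suspicious" if is_disguised_executable(name) else "ok")
```

A loopback proxy is not proof of infection, since local filtering and debugging tools also register themselves this way; treat a hit as a prompt to identify which process is listening on that port.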