From: Ben Laurie (ben algroup.co.uk)
Date: Sun Feb 10 2002 - 00:31:59 CST

GertJan de Leeuw wrote:
>
> I had the same thought about this subject a long time
> ago, but I discovered there are 2 major problems why
> an attacker cannot successfully infect the distribution
> of a new kazaa client:
>
> 1. The installation MUST have the same size as the
> original distribution package, since kazaa will look on
> its network for the filename with the exact filesize (for
> multiple downloads at one time from different clients)
> Because you need to 'inject' your evil code the
> filesize will be bigger. Of course you could pack it with
> a pe packer like upx and add bytes till the exact
> filesize is there, but then we have problem 2:
>
> 2. As we all know, KazaA downloads from multiple
> users, so IF you have success with step 1, you will
> fail at this point, because you will have an invalid exe
> (an evil version merged with the original distro).
>
> So the only way somebody can infect the network is,
> injecting the first compiled version of a new
> distribution (but that is hardly impossible)

Hardly true - localise the code change, then anyone who downloads that
section from you is infected. Of course if they do secure checksums it's
game over.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
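
Added example, not part of the original message and not code from any client discussed in the thread: a multi-source download that checks each segment against a manifest of SHA-256 digests, compared with matching on size alone. The manifest layout, segment size, function names and sample bytes are constructed for illustration, and the manifest is assumed to arrive over a trusted channel.

```python
import hashlib

SEG = 16  # segment size in bytes (constructed; real clients use far larger segments)

def sha256(b: bytes) -> str:
    return hashlib.sha256(b).hexdigest()

def make_manifest(data: bytes) -> dict:
    """Publisher side: record size plus a digest per segment and for the whole file."""
    segs = [data[i:i + SEG] for i in range(0, len(data), SEG)]
    return {"size": len(data), "segments": [sha256(s) for s in segs], "file": sha256(data)}

def fetch(peers: list, manifest: dict, verify: bool = True):
    """Assemble the file segment by segment, rotating through the peers.

    Each peer is the complete byte string that peer would serve. With
    verify=False only the length is checked, which is the filename-and-size
    matching described in the thread. Returns (data, rejected), where
    rejected lists (segment_index, peer_index) pairs that failed the digest.
    """
    out, rejected = bytearray(), []
    for idx, want in enumerate(manifest["segments"]):
        start = idx * SEG
        end = min(start + SEG, manifest["size"])
        for attempt in range(len(peers)):
            p = (idx + attempt) % len(peers)
            chunk = peers[p][start:end]
            if len(chunk) != end - start:
                continue  # wrong length: try the next peer
            if verify and sha256(chunk) != want:
                rejected.append((idx, p))  # same size, different content
                continue
            out += chunk
            break
        else:
            raise ValueError(f"no peer supplied a valid segment {idx}")
    if verify and sha256(bytes(out)) != manifest["file"]:
        raise ValueError("assembled file does not match manifest digest")
    return bytes(out), rejected

# Constructed sample: a 64-byte "installer" and a same-size copy altered in segment 1 only.
ORIGINAL = bytes(range(64))
ALTERED = ORIGINAL[:16] + b"X" * 16 + ORIGINAL[32:]
MANIFEST = make_manifest(ORIGINAL)
```

With `verify=False` the altered segment is accepted because its length matches; with verification on it is rejected and re-fetched from the other peer.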