lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri Jun 30 14:42:43 2006
From: ACastigliola at unumprovident.com (Castigliola, Angelo)
Subject: Corporate Virus Threats

>When the malicious code writers build their viruses and Trojans why not
>code the threats to detect the use of proxy servers and if used, connect
>through them.

Typically you can get to the internet through the default gateway directly from the computer without needing to configure proxy settings. A better question would be why do viruses run in user-mode versus kernel mode (see http://www.phrack.org/show.php?p=62&a=6 "Kernel-mode backdoors for Windows NT")? My guess is that 15-18 year old kids that write viruses mostly use recycled code and are often poorly written.

>Working in Corporate America, most firewall configurations block outbound
>TCP 80, as?the proxies listen on other non-standard TCP ports.

I do not agree with this. Most corporations allow outbound TCP 80.

I think this thread is more appropriate for focus-virus and not Full-disclosure. 

Angelo Castigliola III
Enterprise Security Architecture
UnumProvident 

The posts and threads in this email do not reflect the opinions of nor are endorsed by UnumProvident, Inc., nor any of its employees.
________________________________________
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Terminal Entry
Sent: Thursday, June 29, 2006 10:14 AM
To: Bug Traq; Full Disclosure
Subject: [Full-disclosure] Corporate Virus Threats

When the malicious code writers build their viruses and Trojans why not code the threats to detect the use of proxy servers and if used, connect through them.  Working in Corporate America, most firewall configurations block outbound TCP 80, as?the proxies listen on other non-standard TCP ports.  A virus should first check to determine if a proxy is used and if so use that proxy to download the malicious code, backdoor, etc.

Thoughts...
?
Terminal Entry

Powered by blists - more mailing lists