Message-ID: <8B32EDC90D8F4E4AB40918883281874D2741C6@pivxwin2k1.secnet.pivx.com>
From: thor at pivx.com (Thor Larholm)
Subject: Backdoor not recognized by Kaspersky

SMTP authentication will not do much to stop viruses from spreading.
Some viruses are already moving away from just implementing their own
SMTP server to reusing whatever SMTP credentials you have on your
machine. Having your own SMTP engine is a nice fallback solution just in
case, but if you can read the user's login credentials to his corporate
mailserver you are far better off.

Imagine us all implementing SPF, Caller ID or Domain Keys - what would
happen? We would all have to use a mail server that has implemented one
of these 'solutions'. Naturally, virus writers would then just reuse
your SMTP login credentials to spew their virus through that same MTA.

Another quick workaround to SPF, Caller ID and Domain Keys has already
been implemented by spammers for a year or so. The only premise behind
S/C/D is that you are trusted if you have access to a DNS server.
Spammers are using compromised machines not only as SMTP servers, but
also web servers and DNS servers. The end result is that spammers have
already completely circumvented all three solutions way before they were
ever implemented.


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 

-----Original Message-----
From: Larry Seltzer [mailto:larry@...ryseltzer.com] 
Sent: Wednesday, March 03, 2004 1:38 PM
To: 'Mike Barushok'; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky


>>I feel the need to address the problem from an ISP perspective, since
>>the corporate and government and other institutional perspective seems
>>to give different answers. And because the ISP end user problem is still
>>the majority of the reservoir for viruses (and spam proxy/relay/trojans).

I really feel for you guys. As I've argued in another thread, I think
SMTP authentication will likely cut this stuff down to a trickle
compared to the current volume. As an ISP, how big a problem would you
have with that? An even better question: Would you have a problem
implementing SPF, Caller ID and Domain Keys (i.e. all 3)? It gets to the
same issue of changing practices for your users: at some point you have
to either bounce or segregate mail that doesn't authenticate. 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
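Added example (not from the thread or from either poster): a minimal SPF evaluator over constructed DNS records, to make Thor's point concrete. A spoofed message for corp.example from an outside box fails, but a domain whose DNS the spammer controls passes just as cleanly, and a worm submitting through the corporate MTA with stolen credentials also passes. Domains and addresses are made-up documentation ranges; only ip4/ip6/all terms are modelled.

```python
"""Minimal SPF (v=spf1) check against a constructed DNS table.

SPF only answers "does this domain's OWN DNS authorize this IP?", so any
domain whose DNS the sender controls can publish a record that passes.
"""
import ipaddress

# Constructed zone data (hypothetical domains, RFC 5737/3849 addresses).
DNS = {
    # Legitimate corporate domain: only its MTA subnet may send.
    "corp.example": {"txt": "v=spf1 ip4:198.51.100.0/24 -all"},
    # Domain hosted on a machine the spammer controls (DNS + web + SMTP).
    "bulk-mailer.invalid": {"txt": "v=spf1 ip4:203.0.113.0/24 -all"},
    # Domain that publishes no SPF record at all.
    "nospf.example": {},
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(domain):
    """Stand-in for a DNS TXT lookup over the constructed table."""
    return DNS.get(domain, {}).get("txt")


def check_spf(sender_ip, mail_from_domain):
    """Evaluate the connecting IP against the domain's SPF record.

    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none' (no record).
    Only ip4:/ip6:/all terms are handled; a:, mx:, include: are skipped.
    """
    record = lookup_txt(mail_from_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            # Mixed IPv4/IPv6 comparisons simply never match.
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"
```

Note that a worm relaying through 198.51.100.x with a stolen corporate login gets the same "pass" as a legitimate user, which is why SPF is a sender-authorization check and not a reputation or content check.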