[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <C28F721C09627D43BB66D91D245D4D6D6C8B01@ntm003.apsc.com>
From: Vincent.Maes at aps.com (Vincent.Maes@....com)
Subject: [inbox] malware added in transit
Paul wrote:
> Hi all, perhaps I'm way off-base but I've been under the impression
that malware can be added
> to clean transmissions as they pass through infected nodes. Is this
possible?
What about modifying/building an application such as dsniff on steroids.
Direct all the gateway traffic through a (dsniff) compromised system,
then watch for the target traffic and perform a disassemble/reassemble
with malware included. You could fragment the target traffic to insert
larger amounts of malware; and, by looking for the file-type headers,
proceed to target specific content. As others have said, there is
nothing available (in script kiddie format) to do this, yet. But there
are tools that can perform each of the require functions (WinPcap,
ngrep, libpcap) You just have to put them together.
Here's some more detail:
http://www.packetfactory.net/projects/libnet/2004_RSA/eol-1.0.pdf
> Maybe by 2104...
Is it that time already? ;)
Vince Maes
"MMS <apsc.com>" made the following annotations.
------------------------------------------------------------------------------
--- NOTICE ---
This message is for the designated recipient only and may contain confidential, privileged or proprietary information. If you have received it in error, please notify the sender immediately and delete the original and any copy or printout. Unintended recipients are prohibited from making any other use of this e-mail. Although we have taken reasonable precautions to ensure no viruses are present in this e-mail, we accept no liability for any loss or damage arising from the use of this e-mail or attachments, or for any delay or errors or omissions in the contents which result from e-mail transmission.
==============================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040318/06d0b3af/attachment.html
Powered by blists - more mailing lists