('binary' encoding is not supported, stored as-is) I had the same thought about this subject a long time ago, but I discovered there are 2 major problems why a attacker cannot successfully infect the distribution of a new kazaa client: 1.The installation MUST have the same size as the orginal distribution package, since kazaa will look on its network for the filename with the exact filesize (for multiple downloads at one time from different clients) Because you need to 'inject' your evil code the filesize will be bigger. Ofcourse you could pack it with a pe packer like upx and add bytes till the exact filesize is there , but then we have problem 2: 2.As we all know, KazaA downloads from multiple users, so IF you have success with step 1, you will fail at this point, because you will have an invalid exe (a evil version merged with the orginal distro). So the only way somebody can infect the network is , injecting the first compiled version of a new distibution (but that is hardly impossible) Regards, GertJan de Leeuw www.illnetworks.tk
This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 15:59:02 PST