Re: Infecting the KaZaA network?

From: Ben Laurie (benat_private)
Date: Sat Feb 09 2002 - 22:31:59 PST


    GertJan de Leeuw wrote:
    > 
    > I had the same thought about this subject a long time
    > ago, but I discovered there are 2 major problems why
    > an attacker cannot successfully infect the distribution
    > of a new kazaa client:
    > 
    > 1. The installation MUST have the same size as the
    > original distribution package, since kazaa will look on
    > its network for the filename with the exact filesize (for
    > multiple downloads at one time from different clients).
    > Because you need to 'inject' your evil code, the
    > filesize will be bigger. Of course you could pack it with
    > a pe packer like upx and add bytes till the exact
    > filesize is there, but then we have problem 2:
    > 
    > 2. As we all know, KazaA downloads from multiple
    > users, so IF you have success with step 1, you will
    > fail at this point, because you will have an invalid exe
    > (an evil version merged with the original distro).
    > 
    > So the only way somebody can infect the network is
    > injecting the first compiled version of a new
    > distribution (but that is hardly impossible).
    
    Hardly true - localise the code change, then anyone who downloads that
    section from you is infected. Of course if they do secure checksums it's
    game over.
    
    Cheers,
    
    Ben.
    
    --
    http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
    
    "There is no limit to what a man can do or how far he can go if he
    doesn't mind who gets the credit." - Robert Woodruff
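The two verification regimes discussed in this thread, shown side by side as an added example (not code from the list, from KaZaA, or from either poster): a multi-source download that is matched only on filename and size accepts an assembled file in which one same-sized chunk came from a modified copy, while a per-chunk SHA-256 manifest rejects it and names the bad chunk. The 16-byte chunk size, the round-robin peer selection and the "installer" bytes are all constructed for the demo and do not reproduce KaZaA's real protocol.

```python
import hashlib

CHUNK = 16  # constructed: a tiny chunk size so the demo stays readable

def split(data: bytes, size: int = CHUNK) -> list:
    """Cut a file into fixed-size chunks, as a multi-source download would."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def build_manifest(original: bytes) -> dict:
    """Publisher side: total size plus one SHA-256 per chunk (the 'secure checksums' case)."""
    return {"size": len(original),
            "chunks": [hashlib.sha256(c).hexdigest() for c in split(original)]}

def size_only_check(received: bytes, manifest: dict) -> bool:
    """All that matching on filename + file size can enforce: the length."""
    return len(received) == manifest["size"]

def checksum_check(received: bytes, manifest: dict) -> tuple:
    """Per-chunk verification. Returns (ok, indices of chunks that failed)."""
    expected, got = manifest["chunks"], split(received)
    bad = [i for i in range(max(len(got), len(expected)))
           if i >= len(got) or i >= len(expected)
           or hashlib.sha256(got[i]).hexdigest() != expected[i]]
    return (len(received) == manifest["size"] and not bad, bad)

def assemble(sources: list, n_chunks: int) -> bytes:
    """Simulate a swarm download: chunk i is fetched from sources[i % len(sources)]."""
    return b"".join(split(sources[i % len(sources)])[i] for i in range(n_chunks))

# Constructed stand-ins: a 64-byte "installer" (4 chunks) and a same-size copy
# in which only chunk 2 (bytes 32..47) differs.
ORIGINAL = bytes(range(64))
ALTERED = ORIGINAL[:32] + b"\xff" * 16 + ORIGINAL[48:]

def demo() -> dict:
    manifest = build_manifest(ORIGINAL)
    # Peer 0 holds the altered copy, peer 1 the genuine one; chunks alternate.
    received = assemble([ALTERED, ORIGINAL], 4)
    return {"size_ok": size_only_check(received, manifest),  # True: length matches
            "checksum": checksum_check(received, manifest)}  # (False, [2]): chunk 2 rejected

if __name__ == "__main__":
    print(demo())
```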
    



    This archive was generated by hypermail 2b30 : Mon Feb 11 2002 - 11:17:45 PST