Re: Trojan with outbound notification and no payload

From: Jay D. Dyson (jdysonat_private)
Date: Fri Aug 17 2001 - 14:59:59 PDT

  • Next message: anindya: "Re: Wireless Recon with NetStumbler"

    On Fri, 17 Aug 2001, Justin Funke wrote:
    > Does anyone know of a script that when executed from an email can notify
    > back to me that the attachment was executed. I don't want anything with
    > any kind of payload - just a notification as part of a test. 
    	Sure.  Just use an old tried-and-true web bug.  The script can
    just make a GET request to http://domain.tld/obfuscated-dir/file.jpg and
    you can review your web logs at leisure. 
    > Something not detectable by virus scanners would be a bonus - I want to
    > audit the human component of the equation. 
    	Virus scanners won't see it, but something like ZoneAlarm would
    kvetch about an outbound connect attempt to your remote system.
    - -Jay
      (    (                                                          _______
      ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) |    = |-'
     `--' `--'  `-------- Real men prefer full disclosure. --------'  `------'
    Version: 2.6.2
    Comment: See for current keys.
    -----END PGP SIGNATURE-----
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Sat Aug 18 2001 - 10:26:02 PDT