On advice of bugtraq moderator I'm moving my reply here. The thread is basically dealing with the possibility of infecting with a virus the distribution of kazaa client since it's shared. I will quote the whole original message since some of you may not receive 'traq:

From: "GertJan de Leeuw" <dataholicat_private>

> I had the same thought about this subject a long time
> ago, but I discovered there are 2 major problems why
> an attacker cannot successfully infect the distribution
> of a new kazaa client:
>
> 1. The installation MUST have the same size as the
> original distribution package, since kazaa will look on
> its network for the filename with the exact filesize (for
> multiple downloads at one time from different clients)
> Because you need to 'inject' your evil code the
> filesize will be bigger. Of course you could pack it with
> a pe packer like upx and add bytes till the exact
> filesize is there, but then we have problem 2:
>
> 2. As we all know, KazaA downloads from multiple
> users, so IF you have success with step 1, you will
> fail at this point, because you will have an invalid exe
> (an evil version merged with the original distro).

There's a third major problem:

3) Kazaa uses MD5 to check that files are identical when starting a multiple download and/or looking for "alternate sources" for a given file (this is explained on their site). In fact if you just change a letter in the ID3 of an MP3 file, it will not be listed as a "copy", even if otherwise identical. You can, instead, alter the filename without risk.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys
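
Added example, not part of the original message and not Kazaa's code: a Python sketch of the matching behaviour point 3 describes, where copies offered by different peers count as the same file only when the MD5 of their content matches. The peer names, filenames and byte strings are constructed, and the grouping logic is an assumption about how such matching could be done.

```python
import hashlib
from collections import defaultdict


def content_id(data: bytes) -> str:
    """Identity of a shared file: MD5 over the content only, never the filename."""
    return hashlib.md5(data).hexdigest()


def group_sources(offers):
    """Group peer offers (peer, filename, data) by content hash."""
    groups = defaultdict(list)
    for peer, filename, data in offers:
        groups[content_id(data)].append((peer, filename))
    return dict(groups)


def alternate_sources(offers, wanted: bytes):
    """Peers whose copy is byte-identical to the wanted file, whatever its name."""
    matches = group_sources(offers).get(content_id(wanted), [])
    return sorted(peer for peer, _ in matches)


# Constructed sample content (not real installer or MP3 data).
ORIGINAL = b"MZ" + b"\x90" * 62 + b"installer payload"
TAMPERED = ORIGINAL[:-7] + b"EVILXXX"           # same size, different bytes
MP3 = b"ID3" + b"Title: Song A" + b"\xff\xfb" * 16
MP3_RETAG = MP3.replace(b"Song A", b"Song B")   # one letter changed in the tag

# Constructed peer offers: (peer, filename, content).
OFFERS = [
    ("peer1", "kazaa_setup.exe", ORIGINAL),
    ("peer2", "renamed_installer.exe", ORIGINAL),  # renamed only
    ("peer3", "kazaa_setup.exe", TAMPERED),        # same name and size
    ("peer4", "song.mp3", MP3),
    ("peer5", "song.mp3", MP3_RETAG),
]

if __name__ == "__main__":
    print("installer sources:", alternate_sources(OFFERS, ORIGINAL))
    print("mp3 sources:      ", alternate_sources(OFFERS, MP3))
    for digest, peers in group_sources(OFFERS).items():
        print(digest, peers)
```

The renamed copy is accepted as a source, while the same-name, same-size modified copy and the retagged MP3 each land in their own group.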
This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 15:26:45 PST