On Wed, 6 Feb 2002 17:10:50 -0300 "Andrew McClymont" <andrewmcclymont@d-link.net> wrote: > I just found out a folder named "My shared folder" under the KaZaA > installation folder. > > Inside "My shared folder" there were various KaZaA installshield > packages (exe files). > > Now, the people at FastTrack promotes their engine as a distributed > way to send files to end users. This is seen whe you download KaZaA, > you get a little exe (500 k) that downloads the full KaZaA client from > one of its users, I would guess, from the "My shared folder". > > What happens if I infect the files under "My shared folder" with a > virii or some trojan, every user that gets their KaZaA client from my > computer gets screwed, right? And then, the victim himself will be > sharing the KaZaA client infected to new victims. fasttrack is using a digest to identify files. iirc not the whole file but some kbytes from the beginning. + filesize. could be exploitable, but the digest reduces the chance to work. cheerz corecode -- /"\ http://corecode.ath.cx/ \ / \ ASCII Ribbon Campaign / \ Against HTML Mail and News
This archive was generated by hypermail 2b30 : Sat Feb 09 2002 - 15:45:59 PST