I've never seen it, but it's a chilling prospect. I started writing an email explaining the various problems with this approach, and didn't get to the end before I ended up with solutions to all of them.

Version control can be accomplished by using a substring to identify incremental version changes. A hash of a subset of the code can be used to thwart hostile (from the perspective of the trojan) insertion of false updates into the P2P network. And finally, the blackhat can avoid leaving a direct pointer to him/herself when they first serve up the latest update, merely by using a hijacked Windows machine on a cable modem somewhere.

On Wed, 2002-07-17 at 12:31, Michel Arboi wrote:
> IIRC some virii or trojan horses tried to fetch updates from web pages,
> usually on free hosting services. And as soon as they are detected, the
> web account is closed and the dangerous files removed, so this does not
> look like a very efficient channel.
>
> What would happen if such a nasty piece of code used some P2P protocol
> to update itself? e.g. Gnutella or eDonkey? Has anybody seen such a
> "feature"?
This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 11:00:39 PDT