> From: Boy Bear [mailto:eyal067at_private] > Sent: Saturday, August 09, 2003 4:12 AM > > > The Bug factor so lamb Firewall "ignored" from Trojan. > > The Trojan than himself in Firewall and so the actually Trojan worker > without disturbance the of Firewall. Ah, machine translation. A cursory glance through the VB source [see original message] suggests that the proposed exploit is to have a trojan recognize the firewall pop-up asking if the trojan should be permitted network access, and spoofing the user input to grant it. Simple enough. There appears to be a bug in the included source: > Private Sub wHideShow(HideShow As Boolean) > > Dim hwnd As Long > hwnd = FindWindow(vbNullString, "Norton Personal Firewall") > 'if not found then.. > If hwnd = 0 Then > Exit Sub > End If > 'if not hidden - hide, else - show > If HideShow Then > ShowWindow hwnd, SW_SHOW > Else > ShowWindow hwnd, SW_SHOW > End If > > End Sub Presumably one of "SW_SHOW" should be "SW_HIDE". Since wHideShow is never used by the program, and "HideShow" is not exactly a meaningful parameter name, it's hard to guess which. Then again, since wHideShow is never used, it doesn't really matter. I suppose a simple defense for "personal firewall" vendors against this sort of thing would be to use hard-to-guess window titles for their popups... -- Michael Wojcik Principal Software Systems Developer, Micro Focus
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 13:51:09 PDT