Re: Infecting the KaZaA network?

[Ben Laurie <ben () algroup co uk>]

GertJan de Leeuw wrote:
> I had the same thought about this subject a long time
> ago, but I discovered there are 2 major problems why
> a attacker cannot successfully infect the distribution
> of a new kazaa client:
>
> 1.The installation MUST have the same size as the
> orginal distribution package, since kazaa will look on
> its network for the filename with the exact filesize (for
> multiple downloads at one time from different clients)
> Because you need to 'inject' your evil code the
> filesize will be bigger. Ofcourse you could pack it with
> a pe packer like upx and add bytes till the exact
> filesize is there , but then we have problem 2:
>
> 2.As we all know, KazaA downloads from multiple
> users, so IF you have success with step 1, you will
> fail at this point, because you will have an invalid exe
> (a evil version merged with the orginal distro).
>
> So the only way somebody can infect the network is ,
> injecting the first compiled version of a new
> distibution (but that is hardly impossible)

Hardly true - localise the code change, then anyone who downloads that
section from you is infected. Of course if they do secure checksums its
game over.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff