Bugtraq mailing list archives

RE: Edonkey/Overnet Plugins capable of Virus/Worm behavior


From: "ashton" <ashton () joltmedia com>
Date: Thu, 18 Dec 2003 22:53:05 -0500

I do not know that emule can use plugins at this time.

-ashton

-----Original Message-----
From: Max [mailto:max () maxandcarrie com] 
Sent: Thursday, December 18, 2003 3:32 PM
To: ashton; 'Pavel Kankovsky'
Cc: bugtraq () securityfocus com
Subject: RE: Edonkey/Overnet Plugins capable of Virus/Worm behavior

Does this same plugin system also apply to emule?

On Thu, 18 Dec 2003 07:03:17 -0500, ashton wrote
1. giFT is unix - until noted otherwise, so good luck. 2. Windows 
Media is not P2P with a built-in search of 1.2 million people for 
the "uber upload limit crack plugin" in which when loaded is an 
actual virus, it's very hard for joe average to get a harmful WMP 
plugin but with this method in Overnet it's too easy, plus they 
could propagate themselves through Overnet vulnerabilities on top.

-----Original Message-----
From: Pavel Kankovsky [mailto:peak () argo troja mff cuni cz] 
Sent: Wednesday, December 17, 2003 6:43 PM
To: Julian Ashton
Cc: bugtraq () securityfocus com
Subject: Re: Edonkey/Overnet Plugins capable of Virus/Worm behavior

On 17 Dec 2003, Julian Ashton wrote:

Good question, I have been working on plugin systems such as giFT and
Windows Media for quite a while and while they can do some neat
things, this kind of behavior cannot happen because of the way they
were architected. When I think of "plugins" I think of 1. An sdk. 2.
Methods that you create that the "client" listens for. 3. All code in
the plugin is sent to the "client" not the OS level. 4. Mainly COM
(this plugin uses full use of C++/MFC in a DLL)

Excuse me...how do giFT or Windows Media prevent their plugins from
accessing the OS interface directly and doing whatever they (the 
plugins) want to do? Do they run the plugins in a virtual machine?

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--
http://www.vcnet.com/bms ] "Resistance is futile. Open your source 
code and prepare for assimilation."



--
Open WebMail Project (http://openwebmail.org)


