Bugtraq mailing list archives
Re: On classifying attacks
From: Crispin Cowan <crispin () novell com>
Date: Sun, 24 Jul 2005 04:47:25 -0700
Technica Forensis wrote:
This really depends on the situation. Say I write an exploit that when run as a user spawns a listening ssh service with root priv. I get on the system however I do, download this file and exec it. I think everyone would agree that is a local exploit. I send that same file as an email attachment to some dolt and peer pressure him into running it. Just because I downloaded the file by emailing it to said dolt doesn't change the exploit from local to remote. It potentially changes it from 'exploit' to trojan, but it is still being executed locally.
That sounds like a compound attack with 2 stages:

  * a social engineering attack to get the victim to run the code
      o can be very simple like "please run this code"
      o can be very sophisticated, like phishing attacks carefully crafted to resemble legitimate mail to get the user to click on something
  * a local attack that happens when you run the malware

What makes this compound attack "remote" is that the social engineering attack is remote. This makes most common viruses compound remote/local attacks with a remote social engineering attack to somehow induce the user to run a local attack.

The exception to this is e-mail viruses that require no social engineering because they can exploit some flaw in the preview pane or such like so that the user only has to browse the mail to run the malware.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Director of Software Engineering, Novell http://novell.com