funsec mailing list archives

Re: Malicious code could trick ZoneAlarm firewall

From: Jordan Wiens <numatrix () ufl edu>
Date: Fri, 30 Sep 2005 17:44:06 -0400 (EDT)

On Fri, 30 Sep 2005, Fergie (Paul Ferguson) wrote:


[snip]

An attacker could trick the firewall by linking a malicious program, such as a keystroke logger, to another 
application, for example, Internet Explorer. When the keystroke logger subsequently sends its captured data out, the 
firewall would see IE accessing the Internet, not the spyware, and allow the connection.

[snip]

http://news.com.com/Malicious+code+could+trick+ZoneAlarm+firewall/2100-1002_3-5886488.html

Not exactly news, is it? Malware has been loading dynamic libraries intoknown applications for a while now. Heck, there are toolkits that willautomatically slip one program into another for you (if memory serves,we've even seen the tool to do it loaded up on compromised machines oncampus). Unless I'm missing something and this is something different?


--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Malicious code could trick ZoneAlarm firewall Fergie (Paul Ferguson) (Sep 30)
- Re: Malicious code could trick ZoneAlarm firewall Jordan Wiens (Sep 30)
  - Re: Malicious code could trick ZoneAlarm firewall John LaCour (Sep 30)
- Re: Malicious code could trick ZoneAlarm firewall Blue Boar (Sep 30)
- <Possible follow-ups>
- Re: Malicious code could trick ZoneAlarm firewall Fergie (Paul Ferguson) (Sep 30)