funsec mailing list archives
Re: Malicious code could trick ZoneAlarm firewall
From: Jordan Wiens <numatrix () ufl edu>
Date: Fri, 30 Sep 2005 17:44:06 -0400 (EDT)
On Fri, 30 Sep 2005, Fergie (Paul Ferguson) wrote:
> [snip]
> An attacker could trick the firewall by linking a malicious program, such as a keystroke logger, to another application, for example, Internet Explorer. When the keystroke logger subsequently sends its captured data out, the firewall would see IE accessing the Internet, not the spyware, and allow the connection.
> [snip]
> http://news.com.com/Malicious+code+could+trick+ZoneAlarm+firewall/2100-1002_3-5886488.html
Not exactly news, is it? Malware has been loading dynamic libraries into known applications for a while now. Heck, there are toolkits that will automatically slip one program into another for you (if memory serves, we've even seen the tool to do it loaded up on compromised machines on campus). Unless I'm missing something and this is something different?
--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.