Security Incidents mailing list archives
Re: Intrusec 55808 Trojan Analysis
From: Peter Busser <peter () trusteddebian org>
Date: Wed, 25 Jun 2003 09:02:04 +0200
Hi!
Since it can be delivered anywhere on the subnet the trojan is listening promiscuously on, it is difficult to figure out where the trojan is actually located even upon capturing this command.
But you can also use that command to your own advantage. Simply regularly inject messages which will make the trojan try to contact a machine you own. The trojan will then expose itself. Groetjes, Peter Busser -- Adamantix - Taking high-security Linux out of the labs, and into the world. http://www.adamantix.org/ ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Intrusec 55808 Trojan Analysis David J. Meltzer (Jun 21)
- <Possible follow-ups>
- Intrusec 55808 Trojan Analysis David J. Meltzer (Jun 21)
- Re: Intrusec 55808 Trojan Analysis gwhy555 (Jun 23)
- Re: Intrusec 55808 Trojan Analysis Valdis . Kletnieks (Jun 24)
- RE: Intrusec 55808 Trojan Analysis David J. Meltzer (Jun 24)
- Re: Intrusec 55808 Trojan Analysis Peter Busser (Jun 25)
- Re: Intrusec 55808 Trojan Analysis Philippe Bourgeois (Jun 27)