Penetration Testing mailing list archives

[PEN-TEST] penetrating trojan


From: Sven Bruelisauer <sven () OPEN CH>
Date: Fri, 1 Dec 2000 15:57:09 +0100

Hello,

Recently, associated with a penetration test of one of our customers, we
had a long discussion about various hacker techniques including well-known
trojans such as bo2k or sub7.

Despite the huge variety of plug-ins that are available for bo2k, for
example, I did not encounter one that makes the trojan the initiator of
a connection. The trojan may send the IP of the compromised system to
its master or accept encrypted connections, even over tunneling, as I
detected once.

So all companies that have Network Address Translation enabled are safe
from such trojans, since the "master" will never be able to contact the
trojan (the victim's IP will not be routed from the outside)!?

What would make the situation a lot more dangerous is if the trojan
itself started the connection, let's say over port 80 using the HTTP
protocol, e.g. pretending to be a browser. Most firewall settings would
allow such a connection and the trojan could unfold its power (assuming
it was not detected by a local anti-virus program).

Why did I never encounter such a trojan? Am I missing something ... has
anybody heard of such attacks?

Regards
  sven
-------------------------------------------------------------
OOOOOOOOOOO         sven bruelisauer      sven () open ch
O         O          cellular:            (+41) 79 6091401
O open    O          work:                (+41) 1  4557400
O systems O
O         O          http://www.open.ch
OOOOOOOOOOO
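The scenario above (a trojan that opens its own outbound connection through NAT/firewall on port 80, posing as a browser) is exactly what a regular "call-home" beacon looks like in an outbound proxy or firewall log. As an added illustration that is not part of the original post, here is a small detector that groups allowed outbound connections by (source, destination, port) and flags pairs that recur at a near-constant interval. The log format, host names and timestamps are all constructed for this example.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample lines in a hypothetical outbound-proxy format:
# "<epoch> <src_ip> <dst_host> <dst_port>". Host names are placeholders.
SAMPLE_LOG = """\
1000 10.0.0.5 beacon.example.net 80
1000 10.0.0.7 www.example.com 80
1020 10.0.0.7 www.example.com 80
1300 10.0.0.5 beacon.example.net 80
1601 10.0.0.5 beacon.example.net 80
1700 10.0.0.5 www.example.org 80
1899 10.0.0.5 beacon.example.net 80
1900 10.0.0.7 www.example.com 80
1905 10.0.0.7 www.example.com 80
2200 10.0.0.5 beacon.example.net 80
2300 10.0.0.5 www.example.org 80
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\d+)$")


def parse_log(log_text):
    """Group connection timestamps by (src_ip, dst_host, dst_port)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, port = m.groups()
        events[(src, dst, int(port))].append(int(ts))
    return events


def find_beacons(log_text, min_hits=4, max_jitter=0.2):
    """Return [(src, dst, port, mean_interval)] for pairs whose connections
    recur at a regular interval: at least min_hits connections and a
    coefficient of variation (stdev / mean of the gaps) <= max_jitter.
    Ordinary browsing is bursty and irregular, so it is not flagged."""
    suspects = []
    for (src, dst, port), stamps in parse_log(log_text).items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            suspects.append((src, dst, port, avg))
    return suspects
```

On the constructed sample only 10.0.0.5 -> beacon.example.net:80 is reported (five hits, roughly every 300 seconds); the bursty browsing of 10.0.0.7 and the two-hit pair are ignored.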

