Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Worm bait?



On Wed, Aug 20, 2003 at 12:08:04AM -0400, J. Hunter Heinlen wrote:
> > Trojan - any program described to be benign or beneficial but actually
> > a worm or virus in disguise.  See "Trojan Wars".
> 
> Er....  Not quite my understanding.  A trojan program is any program
> that claims to do one thing, but performs another, secret, function,
> either in addition to, or in lieu of, the claimed function.  Often
> created on purpose by a programmer, or inserted clandestinely in
> someone else programs by hand (ie, through a cracked ftp server that
> serves source, such as the FSF, which was cracked last year).  A
> backdoor is a special type of trojan function, as are mockingbirds.
> May, or may not be, a virus or worm.

None of the specifics you give here conflict with the general definition
I gave above.  In fact your first line is a simple re-statement of
exactly what I said. Your merely describe more of what "might" be done by a
trojan or how a trojan might be created.  Backdoors are another function
frequently generated by worms/virii.

I think we have to be wary of defining our boxes too narrowly, or you'll
end up thinking that a virus requires email and a user reading it to
propagate, that a trojan needs to trick a "privileged user" into executing
it, and that a "Bot" is IRC controlled and only used to create backdoors.
(see Johannes B. Ullrich posts).

All three of these examples completely ignore the many other ways  these
items can work or what they can be used to do.

I can see that these perceptions exist because of the recent history of
how they are being used to attack MS-WIn system over the internet but
this is hardly all they are limited too.

Those who forget history are doomed to repeat it.

Eventually even MS-Win systems "May" become more resistant to this easy
attach methods.  When/if that happens, malware producers will return to
using the more subtle methods pioneered for attacks on UNIX-Like systems,
like the morris worm.  In fact the blaster virus which attacks MS-Win
via the rpc mechanism is more similar to technique used in the morris
worm than it is to MS-Email based attacks.

-- 
Jeff Kinz, Open-PC, Emergent Research,  Hudson, MA.  jkinz at kinz.org
copyright 2003.  Use is restricted. Any use is an 
acceptance of the offer at http://www.kinz.org/policy.html.
Don't forget to change your password often.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org