Hosting Provided By

RE: HTTP based trojans

From: Rob Shein <shoten(at)starpower.net>
Date: Thu Nov 07 2002 - 11:59:28 EST

Yes, except that in Setiri, for example, the communication adheres to HTTP standards. It's not just a trojan using port 80 to slip through firewalls and IDS systems unnoticed; it actually uses Internet Explorer as a component of itself, so that even local app-aware firewalling like ZoneAlarm, Norton Internet Security or BlackIce won't see anything unusual.

> -----Original Message-----
> From: s.wun [mailto:s.wun@thales-is.com.hk]
> Sent: Wednesday, November 06, 2002 9:13 PM
> To: AQBARROS@BKB.com.br; focus-ids@securityfocus.com
Received on Thu Nov 7 17:30:56 2002

This message: [ Message body ]
Next message: Craig M. Taylor: "Capturing NID traffic with CISCO"
Previous message: Daniel Polombo: "Re: Prelude IDS"
In reply to: s.wun: "Re: HTTP based trojans"
In reply to AQBARROS(at)BKB.com.br: "RES: HTTP based trojans"
Reply: AQBARROS(at)BKB.com.br: "RES: HTTP based trojans"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:04 EDT