Hosting Provided By

RES: HTTP based trojans

From: <AQBARROS(at)BKB.com.br>
Date: Fri Nov 08 2002 - 07:51:02 EST

Exactly. It seems to me that the only way to detect it is through some kind of behaviour analysis. The data flow, in this case, would be inverted (more data leaving the client than arriving). Could it be used to detect the trojan?

Augusto.

-----Mensagem original-----
De: Rob Shein [mailto:shoten@starpower.net] Enviada em: quinta-feira, 7 de novembro de 2002 13:59 Para: 's.wun'; AQBARROS@BKB.com.br; focus-ids@securityfocus.com Assunto: RE: HTTP based trojans

Yes, except that in Setiri, for example, the communication adheres to HTTP standards. It's not just a trojan using port 80 to slip through firewalls and IDS systems unnoticed; it actually uses Internet Explorer as a component of itself, so that even local app-aware firewalling like ZoneAlarm, Norton Internet Security or BlackIce won't see anything unusual.

> -----Original Message-----

Esta mensagem, incluindo seus anexos, pode conter informação confidencial e/ou privilegiada. Se você recebeu este e-mail por engano, não utilize, copie ou divulgue as informações nele contidas. E, por favor, avise imediatamente o remetente, respondendo ao e-mail, e em seguida apague-o. Este e-mail possui conteúdo informativo e não transacional. Caso necessite de atendimento imediato, recomendamos utilizar um dos canais disponíveis: Internet Banking (www.bankboston.com.br), BankBoston por telefone (www.bankboston.com.br/bpt) ou agência/representante de atendimento de sua conveniência. Agradecemos sua colaboração. This message, including its attachments, may contain confidential and/or privileged information. If you received this email by mistake, do not use, copy or disseminate any information herein contained. Please notify us immediately by replying to the sender and then delete it. This email is for information purposes only, not for transactions. In case you need immediate assistance, please use one of the following channels: Internet Banking (www.bankboston.com.br), BankBoston by phone (www.bankboston.com.br/bpt) or branch/relationship manager at your convenience. Thank you for your cooperation. Received on Fri Nov 8 11:27:12 2002

This message: [ Message body ]
Next message: Proxy Administrator: "Re: Re: Changes in IDS Companies?"
Previous message: Craig M. Taylor: "Capturing NID traffic with CISCO"
In reply to Rob Shein: "RE: HTTP based trojans"
Reply: Rob Shein: "RE: Protocol Anomaly Detection IDS - Honeypots"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:04 EDT