Hosting Provided By

Re: malicious code

From: <lists(at)notatla.demon.co.uk>
Date: Tue Jan 28 2003 - 02:20:10 EST

From: "Jeff Williams" <jsquared@erols.com>

> I'm not looking for technology. It is going to be a very long time before

ISTR one malicious logic of recent years (TCP wrapper trojan, 1999 ?) had different behaviour according to the source port of the connection.

Calling crypt(3) and comparing the result to a stored string might be another indicator.

Features such as starting a shell (or anything else) in a program you know shouldn't do that would be another. That's one of the things you can prevent with technology (such as SubDomain).

I agree that anything approaching comprehensive detection is hopeless. Received on Tue Jan 28 02:42:59 2003

This message: [ Message body ]
Next message: Crispin Cowan: "Re: safe strcpy()?"
Previous message: Ed Carp: "safe strcpy()?"
Maybe in reply to: Jeff Williams: "malicious code"
In reply to Crispin Cowan: "Re: malicious code"
Next in thread: Jason Coombs: "RE: malicious code"
Reply: Jason Coombs: "RE: malicious code"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:45 EDT

Do you need help?