Robert Lemos, SecurityFocus 2005-06-13
Software attack tools that turn PCs into remotely controlled zombies are getting better, but defenses are not keeping up, say security experts.
Stealthy Trojan horses, modular bot software dodging defenses
2005-06-14
Anonymous (1 replies)
What you need is a good HIDS, e.g. ASE
2005-06-22
Mike (2 replies)
It is practically impossible to block a _trojan_ in real time, since it is only a program like any other, it is not spreading like a virus. Rather, generic host-based intrusion detection systems like e.g. "All-Seeing Eye" (http://www.fortego.com/ase) are the thing of the future I think. If those Isra...
Re: What you need is a good HIDS, e.g. ASE
2005-06-24
Anonymous
It's easy to block a trojan by using software (i.e. Cisco Security Agent) that forces an application to conform to application behavior appropriate to its type of application. Examples would include: a mail program should be opening network connections for SMTP, POP3, IMAP and should not be opening comma...
Stealthy Trojan horses, modular bot software dodging defenses
2005-06-15
Fred Reed (2 replies)
Among other things, I'm a tech writer for the Washington Times. Question: If my mail software auto-deleted all executable attachments, if I surfed with an XP Pro user account not privileged to write to registry, and if I used Netscape 8.0 to allow active content only from trusted sites such as banking ...
Re: Stealthy Trojan horses, modular bot software dodging defenses
2005-06-21
Anonymous
Fred, it's Anonymous here again.
Buffer overflows come from clicking links on websites and from ActiveX, JavaScript and from Internet-enabled software which has undefined RAM buffer lengths, so that if the hacker codes extra commands into the link you expected, the extra code overwrites valid memo...
Stealthy Trojan horses, modular bot software dodging defenses
2005-09-01
Anonymous
HIDS is a thing of the past, detection means infection....the future is in SANA securities Primary Response 3.1. A host based IPS that doesn't require scans for malicious code and therefore has the ability to stop zero day attacks for which no code has been written....stop living in the past and visi...
So, don't run as administrator on Windows
2005-11-04
Anonymous (1 replies)
Many of the assorted trojans/worms will simply not work if the users fooled into executing them are not running in Administrator mode on Windows. The malware won't be able to change Hosts files, disable anti-virus software, change DNS servers, install startup software, install browser hijackers, etc...
Re: So, don't run as administrator on Windows
2006-07-12
AnonymousCISSP
It's not that simple.
Problem is that a lot of exploits run with privs for the service that they target not the user. So if a user with no privs runs a server that requires root privileges, a buffer overflow (for example) will get the root privs not the limited user privs.
That's behavior t...