Actually, would a port knocking trojan be more secure? The client side of the trojan would be distributed I am sure, and the ability to gain access to the trojan would be in place. Now a mass-rooter script would be wrote that would simply knock on each machine then try the port. Even if you used DES/blowfish knock sequence encrypting for greater control, the passprase would be the same as the original code, or viewable none the less. For example, if I wanted to be mean, I could go into kaza and search for the files that my.doom deposits in the download folder of my victim. I learned about this virus's habits from security sites detailing what the virus does, giving me enough information to gleem targets without port-scanning. I's sure with any mass viri, this would be the same senario.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/221/25191#25191