|
|
BugTraq
Edonkey/Overnet Plugins capable of Virus/Worm behavior Dec 17 2003 01:59AM Julian Ashton (ashton joltmedia com) (3 replies) Re: Edonkey/Overnet Plugins capable of Virus/Worm behavior Dec 19 2003 06:39PM Eric \MightyE\ Stevens (trash mightye org) Re: Edonkey/Overnet Plugins capable of Virus/Worm behavior Dec 17 2003 11:43PM Pavel Kankovsky (peak argo troja mff cuni cz) (1 replies) Re: Edonkey/Overnet Plugins capable of Virus/Worm behavior Dec 17 2003 10:54PM Eric Anderson (anderson cs uoregon edu) |
|
Privacy Statement |
not P2P with a built in search of 1.2 million people for the "uber upload
limit crack plugin" in which when loaded is an actual virus, it's very hard
for joe average to get a harmful WMP plugin but with this method in Overnet
it's too easy, plus they could propogate themselves through Overnet
vulnerabilities on top.
-----Original Message-----
From: Pavel Kankovsky [mailto:peak (at) argo.troja.mff.cuni (dot) cz [email concealed]]
Sent: Wednesday, December 17, 2003 6:43 PM
To: Julian Ashton
Cc: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Re: Edonkey/Overnet Plugins capable of Virus/Worm behavior
On 17 Dec 2003, Julian Ashton wrote:
> Good question, I have been working on plugin systems suchs as giFT and
> Windows Media for quite a while and while they can do some neat
> things, this kind of behavoir cannot happen because of the way they
> were architechted. When I think of "plugins" I think of 1. An sdk. 2.
> Methods that you create that the "client" listens for. 3. All code in
> the plugin is sent to the "client" not the OS level. 4. Mainly COM
> (this plugin uses full use of C++/MFC in a DLL)
Excuse me...how do giFT or Windows Media prevent their plugins from
accessing the OS interface directly and doing whatever they (the plugins)
want to do? Do they run the plugins in a virtual machine?
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
[ reply ]