Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Infecting the KaZaA network?
From: GertJan de Leeuw <dataholic () punkass com>
Date: 8 Feb 2002 14:51:58 -0000

I had the same thought about this subject a long time 
ago, but I discovered there are 2 major problems why 
a attacker cannot successfully infect the distribution 
of a new kazaa client:

1.The installation MUST have the same size as the 
orginal distribution package, since kazaa will look on 
its network for the filename with the exact filesize (for 
multiple downloads at one time from different clients)
Because you need to 'inject' your evil code the 
filesize will be bigger. Ofcourse you could pack it with 
a pe packer like upx and add bytes till the exact 
filesize is there , but then we have problem 2:

2.As we all know, KazaA downloads from multiple 
users, so IF you have success with step 1, you will 
fail at this point, because you will have an invalid exe 
(a evil version merged with the orginal distro).

So the only way somebody can infect the network is , 
injecting the first compiled version of a new 
distibution (but that is hardly impossible)


GertJan de Leeuw

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]