Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Infecting the KaZaA network?
From: Ben Laurie <ben () algroup co uk>
Date: Sun, 10 Feb 2002 06:31:59 +0000

GertJan de Leeuw wrote:

I had the same thought about this subject a long time
ago, but I discovered there are 2 major problems why
a attacker cannot successfully infect the distribution
of a new kazaa client:

1.The installation MUST have the same size as the
orginal distribution package, since kazaa will look on
its network for the filename with the exact filesize (for
multiple downloads at one time from different clients)
Because you need to 'inject' your evil code the
filesize will be bigger. Ofcourse you could pack it with
a pe packer like upx and add bytes till the exact
filesize is there , but then we have problem 2:

2.As we all know, KazaA downloads from multiple
users, so IF you have success with step 1, you will
fail at this point, because you will have an invalid exe
(a evil version merged with the orginal distro).

So the only way somebody can infect the network is ,
injecting the first compiled version of a new
distibution (but that is hardly impossible)

Hardly true - localise the code change, then anyone who downloads that
section from you is infected. Of course if they do secure checksums its
game over.



http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]