Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: [inbox] malware added in transit
From: Vincent.Maes () aps com
Date: Thu, 18 Mar 2004 09:03:45 -0700

Paul  wrote:
 
Hi all, perhaps I'm way off-base but I've been under the impression
that malware can be added   
 to clean transmissions as they pass through infected nodes.  Is this
possible? 
 
What about modifying/building an application such as dsniff on steroids.
Direct all the gateway traffic through a (dsniff) compromised system,
then watch for the target traffic and perform a disassemble/reassemble
with malware included.  You could fragment the target traffic to insert
larger amounts of malware; and, by looking for the file-type headers,
proceed to target specific content. As others have said, there is
nothing available (in script kiddie format) to do this, yet.  But there
are tools that can perform each of the require functions (WinPcap,
ngrep, libpcap)  You just have to put them together.
 
Here's some more detail:
http://www.packetfactory.net/projects/libnet/2004_RSA/eol-1.0.pdf
 
Maybe by 2104...
 
Is it that time already? ;)
 
Vince Maes
 

"MMS <apsc.com>" made the following annotations.
------------------------------------------------------------------------------
--- NOTICE ---
This message is for the designated recipient only and may contain confidential, privileged or proprietary information.  
If you have received it in error, please notify the sender immediately and delete the original and any copy or 
printout.  Unintended recipients are prohibited from making any other use of this e-mail.  Although we have taken 
reasonable precautions to ensure no viruses are present in this e-mail, we accept no liability for any loss or damage 
arising from the use of this e-mail or attachments, or for any delay or errors or omissions in the contents which 
result from e-mail transmission.

==============================================================================

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]