26-10-04

trojan using datastreams to pass firewalls and hide itself

Some articles have been published on this subject over the last year, but now the technique is being actively used by a trojan to hide itself on the computer from detection.
http://securityresponse.symantec.com/avcenter/venc/data/t...
 
What are ADS (alternate data streams): http://www.windowsecurity.com/articles/Alternate_Data_Streams.html

Another tool for finding ADS on systems is the Stream Shell Extensions utility that Ryan Means created as part of his GCWN practical write-up on the topic. Ryan's utility adds a "Streams" tab to Windows Explorer when you look at a file's properties; the tab allows you to view and delete streams hidden in the file. You can access the utility and the paper at the following links:
http://www.giac.org/practical/GCWN/Ryan_Means_GCWN.zip
http://www.giac.org/practical/GCWN/Ryan_Means_GCWN.pdf
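
A scriptable way to run the same check across a whole directory tree, as an added example (not part of the original post or of Ryan Means's utility). It assumes PowerShell 3.0 or later and an NTFS volume; the function name `Find-AlternateDataStream`, the `ads-demo` folder and the stream name `hidden` are constructed for the demonstration.

```powershell
# Added example: list named (alternate) data streams under a directory tree.
# Assumes PowerShell 3.0+ and NTFS. Function and parameter names are hypothetical.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Zone.Identifier is the benign "downloaded from the Internet" marker,
        # so it is filtered out unless explicitly requested.
        [switch] $IncludeZoneIdentifier
    )

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns every stream, including the unnamed default ':$DATA'.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object {
            $_.Stream -ne ':$DATA' -and
            ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
        } |
        Select-Object FileName, Stream, Length |
        Sort-Object Length -Descending
}

# Constructed test case: a file whose visible size and content do not
# reveal the extra stream attached to it.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'notes.txt'
Set-Content -LiteralPath $file -Value 'visible content'
Set-Content -LiteralPath $file -Stream 'hidden' -Value 'content stored in a named stream'

# The scan reports notes.txt with its 'hidden' stream and the stream's length.
Find-AlternateDataStream -Root $demo | Format-Table -AutoSize

# View, then delete, the stream (what the "Streams" tab offers through the GUI).
Get-Content -LiteralPath $file -Stream 'hidden'
Remove-Item -LiteralPath $file -Stream 'hidden'

# Clean up the demo folder.
Remove-Item -LiteralPath $demo -Recurse -Force
```

Only files are scanned here; directories can also carry named streams, and Windows PowerShell 5.1 does not enumerate those with `Get-Item -Stream`.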
 
Not all antivirus products find the viruses and malware using this technique (the free Grisoft does). Panda, Computer Associates, Norton and F-Secure do, although you can expect the others to follow suit quickly. And if you are a client and you aren't sure, just ask why not and when, so they will feel the pressure to protect you.


23:16 Posted by technology changes fast not a lot
