[24193] in bugtraq
Re: Infecting the KaZaA network?
daemon@ATHENA.MIT.EDU (GertJan de Leeuw)
Fri Feb 8 13:41:56 2002
Date: 8 Feb 2002 14:51:58 -0000
Message-ID: <20020208145158.677.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: GertJan de Leeuw <dataholic@punkass.com>
To: bugtraq@securityfocus.com
I had the same thought about this subject a long time
ago, but I discovered there are 2 major problems why
a attacker cannot successfully infect the distribution
of a new kazaa client:
1.The installation MUST have the same size as the
orginal distribution package, since kazaa will look on
its network for the filename with the exact filesize (for
multiple downloads at one time from different clients)
Because you need to 'inject' your evil code the
filesize will be bigger. Ofcourse you could pack it with
a pe packer like upx and add bytes till the exact
filesize is there , but then we have problem 2:
2.As we all know, KazaA downloads from multiple
users, so IF you have success with step 1, you will
fail at this point, because you will have an invalid exe
(a evil version merged with the orginal distro).
So the only way somebody can infect the network is ,
injecting the first compiled version of a new
distibution (but that is hardly impossible)
Regards,
GertJan de Leeuw
www.illnetworks.tk
