Author Topic: New ways to bypass firewalls  (Read 46671 times)

p2u

  • Guest
Re: New ways to bypass firewalls
« Reply #75 on: November 18, 2006, 01:25:11 AM »
How does this malware connect to the net? Directly sending the data?

I have no idea, egemen, but I guess through the usual default IE channels: The author mentions Browser Helper Objects. That would be logical; they are usually unnoticed by the firewall...

Paul Wynant
Moscow, Russia

Offline AOwL

  • Comodo SuperHero
  • Comodo's Hero
  • *****
  • Posts: 2349
  • Comodo Firewall Pro - Be safe, use protection...
    • NordicNatureMedia
Re: New ways to bypass firewalls
« Reply #76 on: November 18, 2006, 04:13:46 PM »
My son got an image.pif through MSN, and it messed up his PC. It took a while to get rid of, and it did send itself to his contacts. So I told him that pif is not a valid extension, and he has stopped a few since then, and his friends as well. So it seems popular right now...
He has CPF and NOD32, but I can't say if he had them on...

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: New ways to bypass firewalls
« Reply #77 on: November 18, 2006, 08:09:38 PM »
And yet another one. I can't see this type getting past COMODO or past your HIPS, but your AV/Antispy might not be ready for this scenario:
http://isc.sans.org/diary.php?storyid=1862

Malware with new features. Disables the Windows Firewall, does keylogging, maps the computer's location, and sends everything to an FTP server where it's sorted by location. Plus installs a whole host of additional malware. Thank you, Microsoft, for the default setting 'hide file extensions for known file types'. The Loveletter virus is probably the best example of hidden double-extension tricks, and that was rather long ago. And the stupid default setting remains in XP and in Vista! Are they doing this on purpose or what?!

P.S.1) To 'unhide' ALL extensions - Microsoft's directions:
    - select Start | Settings | Control Panels | Folder Options
    - select the View tab
    - UNcheck "hide file extensions for known file types"
    - Click OK to finish

P.S.2) But don't let Microsoft fool you! Even after you unhide the extensions using the above steps, you still cannot see certain hidden extensions for files ending with .shs, .pif, and .lnk (a suspicious case of Microsoft's infinite wisdom). Unfortunately these files are executable, and are rapidly becoming the most popular choices for many Trojan horses, such as "Movie.avi.pif" which will look like "Movie.avi", and "ReadMe.TXT.SHS" which will look like "ReadMe.TXT". Instead of being a movie and text file, respectively, they could both be dangerous Trojans. To really show ALL hidden file extensions, open regedit and type in the search field: NeverShowExt
Do a search and delete ALL objects in the right window with this value.

Paul Wynant
Moscow, Russia

A quick and trouble free way to close the vast majority of inherent flaws within the default XP configuration is to use a utility called Samurai. It basically 'hardens' the system against many threats by closing many security holes, switching off unsafe services etc.

http://www.download.com/Samurai/3000-2092_4-10422273.html
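As an added example (not code from this thread, from Comodo, or from the Samurai utility), here is a PowerShell script that audits the two settings the quoted post walks through: the Folder Options "hide extensions for known file types" switch, which Explorer stores as the HideFileExt value under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, and the per-file-type NeverShowExt override under HKEY_CLASSES_ROOT that keeps .lnk, .pif and .shs extensions hidden even when that switch is off. The script only reports by default; the -Remove switch name, the table layout and the decision to check only top-level ProgIDs are my own choices.

```powershell
# Audit (and optionally clear) the Explorer settings that hide file extensions.
# Added example, not from the forum thread. Run from an elevated prompt if you
# intend to use -Remove, because HKCR writes land in HKLM.
param([switch]$Remove)

# 1. The global Folder Options switch. HideFileExt = 1 means extensions of
#    "known file types" are hidden (the XP/Vista default the post complains about).
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideExt = (Get-ItemProperty -Path $advanced -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hideExt -eq 1) {
    Write-Warning 'Explorer is hiding known file extensions (HideFileExt = 1).'
} else {
    Write-Host 'HideFileExt is off: known file extensions are shown.'
}

# 2. The per-type override. A ProgID (e.g. lnkfile, piffile, ShellScrap) that
#    carries a NeverShowExt value keeps its extension hidden no matter what
#    HideFileExt says. Only top-level HKCR keys are walked here; regedit's
#    search, as in the post, also descends into subkeys.
$hkcr = 'Registry::HKEY_CLASSES_ROOT'
$keys = Get-ChildItem -Path $hkcr -ErrorAction SilentlyContinue

# Build a map ProgID -> extensions whose (default) value points at that ProgID,
# so each hit can be reported as the extension a user actually sees.
$extByProgId = @{}
foreach ($k in ($keys | Where-Object { $_.PSChildName -like '.*' })) {
    $progId = (Get-ItemProperty -Path $k.PSPath -ErrorAction SilentlyContinue).'(default)'
    if (-not $progId) { continue }
    if (-not $extByProgId.ContainsKey($progId)) {
        $extByProgId[$progId] = New-Object System.Collections.Generic.List[string]
    }
    $extByProgId[$progId].Add($k.PSChildName)
}

# RegistryKey objects returned by Get-ChildItem expose their value names in
# the Property member, so no second registry read is needed per key.
$hits = foreach ($k in ($keys | Where-Object { $_.PSChildName -notlike '.*' })) {
    if ($k.Property -contains 'NeverShowExt') {
        [pscustomobject]@{
            ProgID     = $k.PSChildName
            Extensions = ($extByProgId[$k.PSChildName] -join ', ')
            Key        = $k.PSPath
        }
    }
}

if ($hits) {
    Write-Host 'File types whose extension stays hidden regardless of Folder Options:'
    $hits | Format-Table ProgID, Extensions -AutoSize
} else {
    Write-Host 'No NeverShowExt overrides found under HKCR.'
}

# 3. Optional cleanup, i.e. the "delete ALL objects with this value" step.
if ($Remove -and $hits) {
    foreach ($h in $hits) {
        Remove-ItemProperty -Path $h.Key -Name NeverShowExt -ErrorAction Stop
        Write-Host "Removed NeverShowExt from $($h.ProgID) ($($h.Extensions))"
    }
    Write-Host 'Restart Explorer (or log off and on) for the change to take effect.'
}
```

Run it once without arguments to see what is hidden, export HKCR with `reg export` before using -Remove, and expect one side effect the post does not mention: clearing NeverShowExt from lnkfile makes every desktop and Start Menu shortcut display its ".lnk" suffix, which is why many administrators remove the value only from piffile and ShellScrap and leave lnkfile alone.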

 
