From: Deus, Attonbitus (Thor_at_HAMMEROFGOD.COM)
Date: Thu Aug 08 2002 - 11:14:57 CDT
At 07:28 AM 8/8/2002, Chris Paget wrote:
>The scenario: A user has a Windows 2000 box running a personal
>firewall. The firewall only "trusts" Internet Explorer to access the
>Somehow or other, some malicious code gets onto the system. It fires
>up an IE window, and makes it invisible. It injects a DDoS client (or
>whatever) into IE, using exactly the same technique described in my
>paper. That malicious code within IE then accesses the network
>freely, since the personal firewall can't tell the difference. It
>could even send out its traffic as legitimate HTTP requests, so that
>it is more or less untraceable.
Notwithstanding the implications of exploiting privileged services, one
really has to question the validity of any exploit that first requires
malicious code to get onto the system. Why worry about firing up an IE
window when you can load a kernel-mode driver? If they run our code, then
we immediately own the box.
I honestly feel any sentence that starts out "If you can get your code on
the box..." must end in a "... then nothing else matters."