Subject: Re: Another new worm???
From: David Knaack (dknaackRDTECH.COM)
Date: Thu Jun 22 2000 - 14:33:16 CDT


From: Frank Town <frank_smilesHOTMAIL.COM>
> Actually, not to say everyone is wrong, but about 5 years ago when I used to
> hang out on AOL, we made these things called password stealers

<snip>

> They are simple to
> get rid of, at least they were; I'm not sure about now. Most just add a line
> to your win.ini in the run line

At least one of the new breed of AOL PWS uses more advanced
techniques. I've seen one file infector (specific to AOL.EXE)
and one that trojans runonce.exe. However, to my knowledge these
particular samples were not released in the wild, and were not
self propagating.

AOL could be a truly frightening security issue. Given their
history of lax security, I can imagine an advanced hacker or
AOL insider writing an AOL extension and then using the server
push (TOD update) feature to install malicious software on all
AOL clients. One could launch a truly massive DDoS using tens
or hundreds of thousands of AOL clients.

A hacker with access to a large hub could intercept connections
to the AOL servers and act as a transparent proxy, with the
ability to deliver TODs to AOL clients.

I do not know if AOL TODs are cryptographically signed, but
I would be surprised if they were.

All very advanced hacking, but doable.

DK