Network Security: Detailed info on Re: [Full-Disclosure] Cool Web Search

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-Disclosure] Cool Web Search

from [Dave Horsfall] Network Security

[Permanent Link]

Subject:	Re: [Full-Disclosure] Cool Web Search
Date:	Fri, 30 Jul 2004 23:26:59 +1000 (EST)

On Fri, 30 Jul 2004, Andrew Clover wrote:

This is not the case for all variants of CWS. The newer, sneakier
variants can rebuild themselves if they detect a program like HijackThis
removing their registry entries.


Not really "new", in the scheme of things.  Over 30 years ago, some bored
prgrammer wrote something for one of the mainframes of the day (ICL?
IBM? Burroughs?) called "Robin Hood and Friar Tuck".

They were two programs that monitored each other, occasionally printing
cheeky messages to the console.  Eventually, the (night-shift) operator
would notice, and delete one of them.  The console dialogue then went
something like this:

FRIAR: HELP ME SIR ROBIN, I AM UNDER ATTACK!
ROBIN: FEAR NOT, BRAVE FRIAR, I SHALL RESCUE YOU!

And so one restarted the other.

The only way to remove this harmless jape (if you didn't know the right
command) was to IPL the box, and it was a brave operator who did that...

-- Dave

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-Disclosure] Cool Web Search, Gregh RE: [Full-Disclosure] Cool Web Search, Richard Golodner Re: [Full-Disclosure] Cool Web Search, Gregh RE: [Full-Disclosure] Cool Web Search, Todd Towles Re: [Full-Disclosure] Cool Web Search, KF (lists) Re: [Full-Disclosure] Cool Web Search, JacK Re: [Full-Disclosure] Cool Web Search, Gregh Re: [Full-Disclosure] Cool Web Search, Andrew Clover Re: [Full-Disclosure] Cool Web Search, Dave Horsfall <= Re: [Full-Disclosure] Cool Web Search, Andrew Clover Re: [Full-Disclosure] Cool Web Search, Gregh Re: [Full-Disclosure] Cool Web Search, Valdis . Kletnieks Re: [Full-Disclosure] Cool Web Search, Andrew Clover Re: [Full-Disclosure] Cool Web Search, Gregh RE: [Full-Disclosure] Cool Web Search, Todd Towles Re: [Full-Disclosure] Cool Web Search, Raj Varada Re: [Full-Disclosure] Cool Web Search, John Kinsella [Full-Disclosure] Re: [OT] Hard drive recovery (WAS CoolWebSearch), Andrew Farmer RE: [Full-Disclosure] Cool Web Search, Steven Yu

Previous by Date:	[Full-Disclosure] Stateful Packet Inspection, Aaron Gray
Next by Date:	Re: [Full-Disclosure] Re: Automated SSH login attempts?, andrewg
Previous by Thread:	Re: [Full-Disclosure] Cool Web Search, Andrew Clover
Next by Thread:	Re: [Full-Disclosure] Cool Web Search, Andrew Clover
Indexes:	[Date] [Thread] [Top] [All Lists]