Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: On classifying attacks

from [Crispin Cowan] Network Security [Permanent Link]
Subject: Re: On classifying attacks
Date: Sun, 24 Jul 2005 04:47:25 -0700 
Technica Forensis wrote:

This really depends on the situation.  Say I write an exploit that
when run as a user spawns a listening ssh service with root priv.  I
get on the system however I do, download this file and exec it.  I
think everyone would agree that is a local exploit.
I send that same file as an email attachment to some dolt and peer
pressure him into running it.  Just because I downloaded the file by
emailing it to said dolt doesn't change the exploit from local to
remote. It potentially changes it from 'exploit' to trojan, but it is
still being executed locally.
  

That sounds like a compound attack with 2 stages:

    * a social engineering attack to get the victim to run the code
          o can be very simple like "please run this code"
          o can be very sophisticated, like phishing attacks carefully
            crafted to resemble legitimate mail to get the user to click
            on something
    * a local attack that happens when you run the malware

What makes this compound attack "remote" is that the social engineering
attack is remote.

This makes most common viruses compound remote/local attacks with a
remote social engineering attack to somehow induce the user to run a
local attack. The exception to this is e-mail viruses that require no
social engineering because they can exploit some flaw in the preview
pane or such like so that the user only has to browse the mail to run
the malware.

Crispin
-- 
Crispin Cowan, Ph.D.                      http://immunix.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Spyware database lists, Paul Laudanski
Next by Date:  Getting round website authentication with Firefox, account . throw
Previous by Thread:  Re: On classifying attacks, Technica Forensis
Next by Thread:  RE: On classifying attacks, Black, Michael
Indexes:  [Date] [Thread] [Top] [All Lists]