Security musings (reflectorium)
Security musings (reflectorium)
Thursday, December 18, 2003
Another reason you don't want Edonkey/Overnet on your network
Bugtraq has a very interesting thread on "Edonkey/Overnet Plugins capable of Virus/Worm behavior". As Julian Ashton put it: " I am writing the FastTrack plugin for Edonkey/Overnet and during this process have realized that this is by far the worst and most insecure plugin architechture I have ever seen in my life." - His list of access given to bad plugins includes: local code execution, unlimited disk access and "basically anything you can imagine in the world that can be done to a windows os machine." - Bear in mind that lots of users run edonkey/overnet.
This has the potential to create huge zombie networks e.g. for Distributed-Denial-Of-Service attacks. Because of the decentralised nature of the peer-to-peer networks, it would be easy for an attacker to control it (and potentially introduce changes to the code). I have the strange feeling that 2004 will be the year of the p2p malware.
It's a really interesting thread and should definitely discourage you...
Bugtraq has a very interesting thread on "Edonkey/Overnet Plugins capable of Virus/Worm behavior". As Julian Ashton put it: " I am writing the FastTrack plugin for Edonkey/Overnet and during this process have realized that this is by far the worst and most insecure plugin architechture I have ever seen in my life." - His list of access given to bad plugins includes: local code execution, unlimited disk access and "basically anything you can imagine in the world that can be done to a windows os machine." - Bear in mind that lots of users run edonkey/overnet.
This has the potential to create huge zombie networks e.g. for Distributed-Denial-Of-Service attacks. Because of the decentralised nature of the peer-to-peer networks, it would be easy for an attacker to control it (and potentially introduce changes to the code). I have the strange feeling that 2004 will be the year of the p2p malware.
It's a really interesting thread and should definitely discourage you...
Comments:
Post a Comment
Me enjoying a "Mate-Club", Alt-Landsberg near Berlin, summer 2003.
RSS Feed now atom.xml!
My public bloglines universe
Essential Security Web-Sites
Internet Head Up Display,
Internet Storm Center incl. Handler's Diary
NewsNow.co.uk on Virii and Security -
Messagelabs stats,
Trendmicro,
Symantec,
CAI,
McAffee,
F-Secure
-- securityfocus,
packetstorm
Recently added Detections from CAI
Standalone Virus Cleaner
Trendmicro Sysclean and Signature, Symantec Removal tools, Stinger from McAfee, F-Secure removal tools, Bitdefender free removal tools
ARCHIVES
11/01/2003 - 12/01/2003/ 12/01/2003 - 01/01/2004
/ 01/01/2004 - 02/01/2004
/ 02/01/2004 - 03/01/2004
/ 03/01/2004 - 04/01/2004
/ 04/01/2004 - 05/01/2004
/ 05/01/2004 - 06/01/2004
/ 06/01/2004 - 07/01/2004
/ 07/01/2004 - 08/01/2004
/ 08/01/2004 - 09/01/2004
/ 09/01/2004 - 10/01/2004
/ 10/01/2004 - 11/01/2004
/ 01/01/2005 - 02/01/2005
/ 02/01/2005 - 03/01/2005
/ 03/01/2005 - 04/01/2005
/ 04/01/2005 - 05/01/2005
/ 05/01/2005 - 06/01/2005
/ 06/01/2005 - 07/01/2005
/ 07/01/2005 - 08/01/2005
/ 01/01/2006 - 02/01/2006
/ 02/01/2006 - 03/01/2006
/ 03/01/2006 - 04/01/2006
/ 06/01/2006 - 07/01/2006
/ 08/01/2006 - 09/01/2006
/ 09/01/2006 - 10/01/2006
/ 12/01/2006 - 01/01/2007
/ 03/01/2007 - 04/01/2007
/ 05/01/2007 - 06/01/2007
/ 07/01/2007 - 08/01/2007
/ 08/01/2007 - 09/01/2007
/ 10/01/2007 - 11/01/2007
/ 11/01/2007 - 12/01/2007
/ 12/01/2007 - 01/01/2008
/ 02/01/2008 - 03/01/2008
/ 09/01/2008 - 10/01/2008
/ 10/01/2008 - 11/01/2008
/ 03/01/2009 - 04/01/2009
/ 09/01/2009 - 10/01/2009
/ 11/01/2009 - 12/01/2009
/ 01/01/2010 - 02/01/2010
/ 02/01/2010 - 03/01/2010
/ 06/01/2010 - 07/01/2010
/
related blogs: general and family research