1. DEF CON TEAM DEMONSTRATES MICROSOFT IE TROJAN SETIRI From: *************** Club Tech Networking Tips Newsletter *************** A Penton Publication http://www.iSeriesNetwork.com http://www.e-ProMag.com Issue 35 August 14, 2002 1. DEF CON TEAM DEMONSTRATES MICROSOFT IE TROJAN SETIRI Def Con is the infamous conference of underground "security specialists" (a.k.a. "hackers") that has become the annual venue for the alarming announcement of new security weaknesses. At this year's conference -- the 10th -- in Las Vegas, a team of three South African security consultants reported a flaw in Microsoft's Internet Explorer that lets them breach the security of virtually any firewall-protected network. The security breach uses a Trojan horse program, which is a program designed to look like something innocuous, but which actually carries a dangerous cargo to the deepest recesses of your protected network. The consulting trio, Roelof Temmingh, Haroon Meer, and Charl van der Walt, wrote a demonstration version of the Trojan horse program, called Setiri, and demonstrated it at the conference. Setiri propagates like many viruses -- via e-mail or an indiscreet Web download. Unlike a virus, however, it doesn't replicate itself. Instead, it opens an invisible window in IE that then connects to a secret Web server via an anonymous Web proxy called Anonymizer.com. Once Setiri reaches its mother ship, it can execute arbitrary commands on the infected user's computer, allowing it to do such things as install keystroke logging software or extract sensitive data files (such as password registries). By using Anonymizer.com, the identity of the mother ship site is hidden. Perhaps the most astounding fact about this demonstration is that Setiri does not exploit a hitherto-unrevealed Microsoft bug, as many prior viruses and Trojans have done. No, Setiri uses only standard features built into IE. Microsoft routinely uses the invisible window feature of IE to send surreptitious e-mails from a user's computer back to its own mother ship, Microsoft.com. Many people have warned for years that such Microsoft "back door" features can be uncovered and exploited by hackers. This is yet another instance of Microsoft inflicting damage on its own users through bad software architecture. Despite the fact that Roelof and his colleagues promise not to release their Trojan onto the Internet, the very fact that they have produced the program has spurred others to duplicate their work. At the same conference, a hacker in the audience claimed to have already produced a similar poison pill. For its part, Microsoft has reportedly acknowledged the invisible window problem and promised to look into a fix. In the meantime, you use IE at your own risk. Biographical information for the Setiri developers and an abstract of their presentation is available online at http://www.defcon.org/dcx-speakers.html . ___________________________ Copyright 2002, Penton Technology Media http://www.iSeriesNetwork.com http://www.e-ProMag.com
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.