RE: [inbox] [Full-Disclosure] malware added in transit

[Vincent . Maes]

Title: Message

Paul  wrote:

 

 > Hi all, perhaps I'm way off-base but I've been under the impression that malware can be added   

 >  to clean transmissions as they pass through infected nodes.  Is this possible? 

 

What about modifying/building an application such as dsniff on steroids.  Direct all the gateway traffic through a (dsniff) compromised system, then watch for the target traffic and perform a disassemble/reassemble with malware included.  You could fragment the target traffic to insert larger amounts of malware; and, by looking for the file-type headers, proceed to target specific content. As others have said, there is nothing available (in script kiddie format) to do this, yet.  But there are tools that can perform each of the require functions (WinPcap, ngrep, libpcap)  You just have to put them together.

 

Here's some more detail: http://www.packetfactory.net/projects/libnet/2004_RSA/eol-1.0.pdf

 

> Maybe by 2104...

 

Is it that time already? ;)

 

Vince Maes

 

"MMS <apsc.com>" made the following annotations.
------------------------------------------------------------------------------
--- NOTICE ---
This message is for the designated recipient only and may contain confidential, privileged or proprietary information. If you have received it in error, please notify the sender immediately and delete the original and any copy or printout. Unintended recipients are prohibited from making any other use of this e-mail. Although we have taken reasonable precautions to ensure no viruses are present in this e-mail, we accept no liability for any loss or damage arising from the use of this e-mail or attachments, or for any delay or errors or omissions in the contents which result from e-mail transmission.

==============================================================================