Tilted Forum Project Discussion Community - View Single Post

xepherys · 08-06-2006, 12:34 PM

Well, first of all, a trojan is just a delivery mechanism, usually, for something else, like a bot. The issue with bots is that most of them are written with polymorphic code these days and cannot (CANNOT) be detected using standard security means (anti-virus, anti-spyware, IDS, IPS). They also usually shed their delivery mechanism once they've infected a new PC. Often these will include a snippet of code that attaches itself to the KERNEL32.exe of Windows machines to either serve FTP/HTTP on a non-standard port, or to serve out files via a Torrent stream (which means that your crappy home bandwidth DOES matter to them).

The company I used to work for (well, do through this week) used a network appliance that had a rotating list of known botnet command and control hosts, and we were 'relatively' successful stopping badguys for our clients, but that isn't something currently feasible for most home users or even businesses. It's also still not 100%.

So, in short, yes... it's definitely possible. And yes, your little home/school bandwidth is useful to a Torrent botnet. And no, running anti-virus will likely turn up nothing, or if it does and "fixes" it... it probably didn't fix anything except maybe deleting the delivery shell that it came in.

08-06-2006, 12:34 PM	#19 (permalink)
xepherys <3 TFP Location: 17TLH2445607250	Well, first of all, a trojan is just a delivery mechanism, usually, for something else, like a bot. The issue with bots is that most of them are written with polymorphic code these days and cannot (CANNOT) be detected using standard security means (anti-virus, anti-spyware, IDS, IPS). They also usually shed their delivery mechanism once they've infected a new PC. Often these will include a snippet of code that attaches itself to the KERNEL32.exe of Windows machines to either serve FTP/HTTP on a non-standard port, or to serve out files via a Torrent stream (which means that your crappy home bandwidth DOES matter to them). The company I used to work for (well, do through this week) used a network appliance that had a rotating list of known botnet command and control hosts, and we were 'relatively' successful stopping badguys for our clients, but that isn't something currently feasible for most home users or even businesses. It's also still not 100%. So, in short, yes... it's definitely possible. And yes, your little home/school bandwidth is useful to a Torrent botnet. And no, running anti-virus will likely turn up nothing, or if it does and "fixes" it... it probably didn't fix anything except maybe deleting the delivery shell that it came in.