Questions about the new bagle variant...

  1. #1
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065

    Questions about the new bagle variant...

    Reading about the new bagle variant in the article here:

    http://www.enterpriseitplanet.com/se...le.php/3385611

    I was left with a few questions. It states that it attempts to shut down your AV and your firewall applications. Which leads to my question, and that is: if the virus can shut down the firewall applications, can it also shut down firewalls built into routers??
    I am the uber duck!!1

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Uber Duck,

    I am not an expert in this field but I believe that attacking a router (a hardware device) is far more complex than just looking for the known running processes of AV and firewall software, and shutting them down.

    AFAIK, routers can be compromised, but it is pretty rare.

    just my thoughts
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    This variant goes after desktop/server client based AV solutions, not appliance/HW firewalls or AV scanners.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    most viruses/worms that do this include a kill command to terminate processes. they loop through a list of av process names using that command. the only way this could affect a hardware f/w or router is if it somehow got into its os and if the box supported the method.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
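
The behaviour described in post #4 (a loop over a list of AV process names, each one killed in turn) leaves a pattern a defender can look for: one process terminating several security processes within seconds. The Python below is an added example, not code from any poster in this thread, and flags that pattern in process-termination events; the event tuple format, the process names and the threshold/window values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical watchlist: placeholder names, not real product binaries.
SECURITY_PROCS = {"example_av.exe", "example_avupdate.exe",
                  "example_fw.exe", "example_fwsvc.exe"}

# Constructed sample events: (timestamp, process issuing the kill, terminated process).
EVENTS = [
    ("2004-07-20T10:00:01", "setup_helper.exe", "notepad.exe"),
    ("2004-07-20T10:00:02", "attachment.exe", "example_av.exe"),
    ("2004-07-20T10:00:02", "attachment.exe", "example_fw.exe"),
    ("2004-07-20T10:00:03", "attachment.exe", "example_avupdate.exe"),
    ("2004-07-20T10:05:00", "admin_tool.exe", "example_av.exe"),
    ("2004-07-20T11:30:00", "admin_tool.exe", "example_fw.exe"),
]

def find_kill_loops(events, watchlist=SECURITY_PROCS, threshold=3,
                    window=timedelta(seconds=10)):
    """Return {actor: sorted targets} for every actor that terminated at least
    `threshold` distinct watchlisted processes inside one `window`."""
    by_actor = defaultdict(list)
    for ts, actor, target in events:
        # Only terminations of security software are interesting here.
        if target.lower() in watchlist:
            by_actor[actor].append((datetime.fromisoformat(ts), target.lower()))
    alerts = {}
    for actor, kills in by_actor.items():
        kills.sort()
        # Slide a window starting at each kill and count distinct targets in it.
        for i, (start, _) in enumerate(kills):
            in_window = {t for when, t in kills[i:] if when - start <= window}
            if len(in_window) >= threshold:
                alerts[actor] = sorted(in_window)
                break
    return alerts

if __name__ == "__main__":
    for actor, targets in find_kill_loops(EVENTS).items():
        print(f"ALERT {actor} terminated {len(targets)} security processes: {targets}")
```

A single administrative kill of one AV process does not trip the rule; only a burst against several distinct watchlisted processes from the same actor does.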

  5. #5
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Thanks for the replies!

    How can a virus get into the OS of a HW firewall/router? Can you even reach the OS of it? Or is it just run from some HW chip that you can't configure? I know you can configure routers but that's from a GUI in windows...

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    exactly my point!

    even if it were written as a flash update to the router's os it would still require someone to execute it on the inside and know the user name and password for the router. as long as you keep your router updated i don't think there's much to worry about (now watch a 0day come out for routers)

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    And it doesn't touch anything that does remote IDS or remote AV scanning...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  8. #8
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Ok, now I understand. Thanks for the help!

  9. #9
    Banned
    Join Date
    Nov 2003
    Posts
    182
    There are lots of variants of bagle.

    plain
    wheat
    multi-grain
    pizza
    with lox
    jalapeno
    sesame seed
    sour dough
