detecting trojan horses

Archived from groups: comp.security.firewalls (More info?)

Hello. I would be grateful for comment on or response to the
inquiries following the general comments below. Thanks.

Assume the following setup.

1. Computer "A" has no physical connection to the internet; and
also has no hardware capable of effective internet connectivity,
i.e., for example, an ethernet card.

2. Computer "B" is connected to the internet.

3. Data and files exchanged between Computer "A" and Computer
"B" occurs only via CD-Rom R/W Disk hand carried between
computers.

Inquiries?

1. Can a trojan horse or other malicious electronic intruder
first, infect Computer "B;" second, "hide" undetected on the CD-
Rom R/W Disk (say within an authorized file copied from
Computuer "B"); third, infect Computer "A;" and fourth, copy
files from Computer "A" to the CD-Rom R/W Disk?

2. If so, could such unauthorized copying of files onto the CD-
Rom R/W Disk from Computer "A" remain undetected, even with an
inspection of the CD-Rom R/W Disk via the "Run" Command of the
Windows operating system?

3. Moreover, if the answer to Inquiry No. 1 is affirmative,
could the trojan horse also first, hide undetected within an
authorized file copied to the CD-Rom R/W Disk (from Computer
"A"); and second, instruct dispatch of the authorized file to
unauthorized locations via Computer "B."
1 answer Last reply
More about detecting trojan horses
  1. Archived from groups: comp.security.firewalls (More info?)

    Hello, whatever your name is,

    > 1. Computer "A" has no physical connection to the internet; and
    > also has no hardware capable of effective internet connectivity,
    > i.e., for example, an ethernet card.
    >
    > 2. Computer "B" is connected to the internet.
    >
    > 3. Data and files exchanged between Computer "A" and Computer
    > "B" occurs only via CD-Rom R/W Disk hand carried between
    > computers.
    >
    > Inquiries?
    >
    > 1. Can a trojan horhse or oter malicious electronic intruder
    > first, infect Computer "B;" second, "hide" undetected on the CD-
    > Rom R/W Disk (say within an authorized file copied from
    > Computuer "B"); third, infect Computer "A;" and fourth, copy
    > files from Computer "A" to the CD-Rom R/W Disk?

    First, theoretically anything is possible. Whenevery you transfer data
    between two points, it may have been infected. The only way to avoid is
    to transfer only plain text and read the text before transfer and make
    sure yourself it is O.K.

    I am not sure, though, how many viruses nowadays still do the infection
    of existing documents or programs. Years ago, before the rise of the
    Internet, when data was usually exchanged on disks (you know Windows 3.1
    on 12 FDDs and earlies? ;-) This was common practice: The virus
    basically replaced or added some code or put itself somewhere in a
    document (word macro viruses) or certainly it infected the boot block.

    I am not sure how common this still is nowadays. But it is definitively
    possible.

    > 2. If so, could such unauthorized copying of files onto the CD-
    > Rom R/W Disk from Computer "A" remain undetected, even with an
    > inspection of the CD-Rom R/W Disk via the "Run" Command of the
    > Windows operating system?

    Is that, you want to run a program you have copied from the internet or
    the other computer? If you run it, yes. Definitively. A virus should be
    able to quite easily replace an existing DLL or EXE of a program with
    it's own code and the original DLL or EXE in the "backpack". When you
    start the program, it executes the viral code that makes itself
    permanent in the memory and then just runs your original EXE. So you
    will actually never notice as the program runs as normal...


    > 3. Moreover, if the answer to Inquiry No. 1 is affirmative,
    > could the trojan horse also first, hide undetected within an
    > authorized file copied to the CD-Rom R/W Disk (from Computer
    > "A"); and second, instruct dispatch of the authorized file to
    > unauthorized locations via Computer "B."

    Well, as we've got some data from A to B we can get data from B to A as
    well. It should be even easier now that both computers are infected with
    the same virus...

    Gerald
Ask a new question

Read More

Firewalls Computers CD-Rom Networking