Date:      20 Mar 1999 14:21:14 +0100
From:      Dag-Erling Smorgrav <des@ifi.uio.no>
To:        advocacy@freebsd.org
Subject:   [Patrick Oonk <patrick@pine.nl>] Promail trojan
Message-ID:  <xzpvhfws3ed.fsf@bergelmir.ifi.uio.no>

...or, "Why You Should Never Trust Closed-Source Software".

DES
-- 
Dag-Erling Smorgrav - des@ifi.uio.no
------- Start of forwarded message -------
Message-ID:  <19990319224030.D7090@atro.pine.nl>
Date:         Fri, 19 Mar 1999 22:40:30 +0100
Reply-To: patrick@pine.nl
From: Patrick Oonk <patrick@pine.nl>
Subject:      Promail trojan
To: BUGTRAQ@NETSPACE.ORG

http://cool.icestorm.net/aeon/news.html

News and security advisories from Aeon Labs.

[03.99]

ProMail v1.21, an advanced freeware mail program for Windows 95/98, is a
trojan.
It has been spread through several worldwide distribution networks
(SimTel.net, Shareware.com and others) as proml121.zip.

Upon discovering - through LAN sniffing - that the program would attempt
to connect to SMTP instead of POP3 when a regular mail check was
performed, we reverse-engineered the software.

The executable, which appears to have been created with Borland Delphi,
has been packed with Petite (a shareware Win32-EXE compressor) and then
"hexed" to make disassembly harder.

ProMail v1.21 supports multiple mailboxes; every time a new mailbox is
created, an "ini" file containing the user's full name, passwords, email
addresses, servers and more is generated.

Prior to doing any other action, the program performs a check for a
valid network connection which, if found, allows for the sending of ALL
of the personal user data, including the user's password in encrypted
format, to an account on NetAddress - a free email provider.

Apart from this "feature", the software is 100 % functional and very
well done.

For further information or a more detailed analysis contact us.

--
: Patrick Oonk -    http://patrick.mypage.org/  - patrick@pine.nl :
: Pine Internet B.V.     Consultancy, installation and management :
: Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/ :
: -- Pine Security Digest - http://security.pine.nl/ (Dutch) ---- :
: "unix is for types without a social life..." - Patrick van Eijk :

------- End of forwarded message -------
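
The two behaviours the forwarded advisory reports (an SMTP connection during a mail check that should only speak POP3, and traffic before the user has done anything) can be checked for when auditing a mail client's network activity. The sketch below is an added example, not part of the original messages; the flow records, host names, action labels, per-action port baseline and 10-second attribution window are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed baseline: ports a mail client should contact for each user action.
EXPECTED = {"check_mail": {110}, "send_mail": {25}}
PORT_NAMES = {25: "SMTP", 110: "POP3"}
WINDOW = 10.0  # seconds after an action in which a flow is attributed to it


@dataclass
class Flow:
    ts: float   # seconds since the client was started
    dst: str    # destination host
    port: int   # destination TCP port


def audit(actions, flows, window=WINDOW):
    """Return (flow, reason) for every flow that either follows no user
    action or uses a port outside the baseline of the action it follows."""
    findings = []
    actions = sorted(actions)
    for f in sorted(flows, key=lambda f: f.ts):
        # Most recent action that started at most `window` seconds earlier.
        cause = next((name for ts, name in reversed(actions)
                      if ts <= f.ts < ts + window), None)
        if cause is None:
            findings.append((f, "no user action"))
        elif f.port not in EXPECTED.get(cause, set()):
            proto = PORT_NAMES.get(f.port, str(f.port))
            findings.append((f, f"{proto} during {cause}"))
    return findings


# Constructed sample: tester's action log and flows captured on the LAN.
ACTIONS = [(100.0, "check_mail"), (200.0, "send_mail")]
FLOWS = [
    Flow(5.0, "smtp.example.net", 25),     # right after start-up
    Flow(100.4, "smtp.example.net", 25),   # SMTP while checking mail
    Flow(101.0, "pop.example.net", 110),   # the expected POP3 session
    Flow(200.5, "smtp.example.net", 25),   # legitimate outgoing mail
]

if __name__ == "__main__":
    for flow, reason in audit(ACTIONS, FLOWS):
        print(f"{flow.ts:7.1f}s {flow.dst}:{flow.port}  {reason}")
```
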

