A program that CAN PASS ALL the firewalls!? I can NOT believe it. READ.

Jezzz... I was surfing on GRC newsgroups and look what I found:

This program claims to pass all firewalls, and it looks like a commercial and WORLDWIDE solution against laptop stealing.

Read here and come back and comment pleease.

/http://www.stealthsignal.com/web/specifications.asp?key=8/20/2002%2012:38:32

If THIS IS TRUE then I am starting to be PARANOID my friends! Any trojan could use this technology!

Comments? COMMENTS!!!!???


PS/ Have already ordered an appointment with my psychiatrist. :D
 
downloaded and installed the prog...
when it says checking configuration during installation kerio pops up and asks me if i want to permit that prog or not.
i permitted it temporarily to complete the installation and activation.
few seconds after completion of the installation kerio pops up again with:
'TMP9245.EXE' from your computer wants to connect to stealthsignal.com.co [66.129.71.24], port 80
after killing that process and removing that file i started it with the registry key to simulate a reboot
--> acts like a cheap trojan ... installs an exe into C:\WINNT called regsrv32.exe (sounds like the register for dlls ... regsvr32.exe in WINNT\system32) and it's started via hkey_local_machine\software\microsoft\windows\currentversion\run
with a key: Register Library: regsrv32.exe /s C:\WINNT\avifile.dll
but avifile.dll doesn't exist ...
the regsrv32.exe tries to connect to the net every 5 seconds:
'REGSRV32.EXE' from your computer wants to connect to stealthsignal.com.co [66.129.71.24], port 80

FortiTude

ps: the trial data i got via email if someone wants to try it:
Dear Forti Tude,
Thank you for your interest in the Stealth Signal security system.
If you have not downloaded the Stealth Signal software please go to: h**p://www.stealthsignal.com/web/download.asp
Your Stealth Signal Account has already been created using the information provided in your trial application.
Trial Activation Code: PROTECTIT
Stealth Signal Account: FT1371
Password: trial
*This trial must be used within 2 weeks from today's date.
If you are a company or organization with multiple computers that need protection we recommend that you download Stealth Signal on more than one computer. This will allow you to see the benefits of the Asset Management Tool. You can use the same activation code for different computers.
To run the trial using one of our mass deployment options please send an email to support@stealthsignal.com describing the software or method you intend to use.
If you have any questions or suggestions please email our technical staff at:
support@stealthsignal.com
Thank you and we look forward to hearing from you,
Sales
Stealth Signal, Inc
ps2: i heard about a better way to bypass a firewall:
a trojan opens a hidden window of internet explorer and connects with that via w*w.anonymizer.com to a host (in order not to be traced back)
but i dunno anything else about that

edit --> just noticed another winhelp.exe in winnt\system32 was created (had the same size as regsrv32.exe)
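The artifacts reported in the post above (a `regsrv32.exe` that imitates `regsvr32.exe`, and a `winhelp.exe` dropped into `system32`) are the kind of thing a simple autorun audit can flag. The sketch below is an added example, not part of any post in this thread: the baseline table, the similarity threshold and the sample entries are assumptions constructed for illustration.

```python
import ntpath
from difflib import SequenceMatcher

# Assumed known-good locations (constructed for this example); in practice
# build this table from a clean install of the same Windows version.
BASELINE = {
    "regsvr32.exe": r"c:\winnt\system32",
    "rundll32.exe": r"c:\winnt\system32",
    "winhelp.exe": r"c:\winnt",
}

def image_path(command):
    """Return the executable part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def check_entry(command, threshold=0.85):
    """Classify one command: 'lookalike-name', 'wrong-directory' or None."""
    directory, name = ntpath.split(image_path(command).lower())
    if name in BASELINE:
        # Right name: suspicious only when it sits outside its expected folder.
        if directory and directory != BASELINE[name]:
            return "wrong-directory"
        return None
    for known in BASELINE:
        # A near miss on a system binary name (e.g. two swapped letters).
        if SequenceMatcher(None, name, known).ratio() >= threshold:
            return "lookalike-name"
    return None

def scan(entries):
    """Return {(source, command): finding} for every flagged entry."""
    return {(src, cmd): v for src, cmd in entries if (v := check_entry(cmd))}

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample entries, modelled on the ones reported in the post.
SAMPLE = [
    (RUN_KEY, r"regsrv32.exe /s C:\WINNT\avifile.dll"),
    ("file on disk", r"C:\WINNT\system32\winhelp.exe"),
    (RUN_KEY, r'"C:\Program Files\Example Firewall\fw.exe" /min'),
    (RUN_KEY, r"C:\WINNT\system32\regsvr32.exe /s C:\WINNT\system32\example.dll"),
]

if __name__ == "__main__":
    for (source, command), verdict in scan(SAMPLE).items():
        print(f"{verdict:16} {command}  [{source}]")
```

A name heuristic like this does not catch an unrelated name such as the `Register.exe` found in the Autostart folder later in the thread; that needs a diff of all autorun locations against a known-good snapshot.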
 
pokopiko said:
> ...and yes, of course I tested that too and this lame penetrator was squeezed like an insect by Kerio...

yeah nice way to express that :D
everything that passes unattended through kerio is not a fault of kerio but the fault of a bad ruleset !
(i'm using 2.1.4 too, i like some of the new features of v.3, but the beta is still too buggy for me)
FortiTude
 
Nice info guy'z
Thanx for this
Seems that Kerio got all da appreciation from our specialists
Think i'm gonna stick with this one too, even if it means some work to configure it
 
just found another Register.exe in
C:\Dokumente und Einstellungen\All Users.WINNT\Startmenü\Programme\Autostart
didn't look there first because i didn't think it was so CHEAP ...
every child knows the autostart folder i expected more from something commercial ... :(
FortiTude
 
The Leaktest thing was no big deal. Nobody is going to name their program "Trojan" so Kerio pops up with "Trojan is trying to access the internet". What you need to worry about are trojans that are able to open another program that is known to have access to the internet all the time (ie Internet Explorer) to do their dirty work for them. Even if you don't make a rule for Internet Explorer, when the trojan opens it up to run and you see the Kerio popup, you are more than likely going to let it pass because it looks like normal traffic ("Internet Explorer is trying to access the internet"). Kerio 2.1.4 is not able to stop this, but this is where Kerio 3.0 is cool because it will. Although, you still have to use your brain because the new Kerio will popup and tell you that some program is trying to start another program to access the internet. You have to decide if it is normal for that to happen.
 
> Sygate Personal pro-->options-->security-->enable dll verification...

Exactly!...I was not aware Sygate had this, but that is just what is needed.
 
I forgot to ask this before, but I have only done limited testing with the Kerio Beta (I run a dedicated unix firewall to protect my network) and I noticed that on the popups, the advanced rule option was always greyed out. Did I miss a setting or is the beta just a little less than complete?
 