The Ken Thompson method of implanting malware is to use the compiler itself: the compiler inserts malicious code into the compiled output even though that code does not appear anywhere in the source. Thus we can implement a compiler that always puts one malicious function (e.g. a listener) into every executable it produces.
Suppose an attacker has succeeded in distributing such a compiler and some applications are affected. Describe how the attacker will now use the malware to download new code onto the infected machines.
-- assume every binary generated by the compiler contains the malware and the applications have been compiled using this compiler. (Note: you will have to describe how the compiler-generated malware works, how it is invoked, and how it achieves the desired result.)
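Added worked example (not part of the original problem set): a toy model, in Python, of the self-reproducing compiler trojan described above. The "compiler" here is a function from source text to source text, the implant is an inert stub named __implant that stands in for the listener (no network behaviour is modelled), and the names PAYLOAD, SELF, TROJAN_TEMPLATE and the "def compile(" marker are assumptions of the model. It shows the two rules that make the attack work: every compiled program receives the implant and invokes it when it loads, and a compiler rebuilt from clean source with the trojaned compiler comes out trojaned again.

```python
# Toy model of a Thompson-style trojaned compiler (added example, not from the
# original problem set). The "compiler" maps Python source text to Python source
# text; a real attack does the same inside a native compiler's code generator.
# All names (PAYLOAD, SELF, TROJAN_TEMPLATE, __implant) are assumptions.

TROJAN_TEMPLATE = r'''
# trojaned compiler (toy)
# PAYLOAD stands in for the listener the question describes: here it only
# defines and invokes an inert function so the example runs offline.
PAYLOAD = "\ndef __implant():\n    return 'implant-active'\n__implant()\n"
SELF = %r
def compile(source):
    # Rule 1: when the program being compiled is itself a compiler, discard its
    # (possibly clean) source and emit this trojaned compiler instead, so the
    # trojan survives a rebuild of the compiler from audited source.
    if "def compile(" in source:
        return SELF %% (SELF,)
    # Rule 2: every other program gets the implant appended; it is invoked when
    # the program loads, which is how the malware gets control at run time.
    return source + PAYLOAD
'''
# Quine step: the trojan carries its own template so it can re-emit itself.
TROJAN_SRC = TROJAN_TEMPLATE % (TROJAN_TEMPLATE,)

CLEAN_COMPILER_SRC = '''
def compile(source):
    return source   # honest compiler: output is exactly what was written
'''

def load_compiler(compiler_src):
    """'Run' a compiler given as source text; return its compile() function."""
    ns = {}
    exec(compiler_src, ns)
    return ns["compile"]

def run_program(program_src):
    """'Run' a compiled program; return the names it defined so we can look for the implant."""
    ns = {}
    exec(program_src, ns)
    return ns

APP_SRC = "def greet():\n    return 'hello'\n"   # a constructed user program

def demo():
    trojan = load_compiler(TROJAN_SRC)
    # Generation 1: rebuild the compiler from clean, audited source using the trojaned compiler.
    gen1_src = trojan(CLEAN_COMPILER_SRC)
    gen1 = load_compiler(gen1_src)
    # Generation 2: rebuild again with the result; the trojan is still there.
    gen2_src = gen1(CLEAN_COMPILER_SRC)
    # Compile an ordinary application with the rebuilt compiler and run it.
    app = run_program(gen1(APP_SRC))
    return {
        "clean_source_has_implant": "__implant" in CLEAN_COMPILER_SRC,          # False
        "gen1_is_trojan": gen1_src == TROJAN_SRC,                                 # True
        "gen2_is_trojan": gen2_src == TROJAN_SRC,                                 # True
        "app_has_implant": "__implant" in app and app["__implant"]() == "implant-active",  # True
        "honest_compiler_adds_nothing": load_compiler(CLEAN_COMPILER_SRC)(APP_SRC) == APP_SRC,  # True
    }

if __name__ == "__main__":
    print(demo())
```

Reading the clean compiler source tells you nothing: the implant only exists in the running compiler and in everything it emits, which is why source review alone does not answer the question and why the defence has to involve a second, independently built compiler or a trusted toolchain.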
------------
A word-processing program used by Alice has a buffer overflow vulnerability: the program uses gets(buffer) to read a string into a small buffer on the stack. Bob sends
A] What is the simplest method to implant some malware on the victim's machine using this buffer overflow?
B] What makes it difficult to download a binary program using the simple method in [A]?
C] What is the better method (instead of injecting a binary) to place a program on Alice's machine that will run, probably in perpetuity?
-------------------
The “Tripwire” system computes a hash of every executable file on a known-clean computer and stores it; when the machine is later scanned, it recomputes the hashes and compares them with the stored values, to ensure nothing has changed and no malware is hiding as a legitimate program.
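Added example (not Tripwire's own code): a minimal Tripwire-style integrity checker in Python. It records a SHA-256, size and permission bits for every regular file under a directory on a clean machine, seals that baseline with an HMAC so the baseline itself cannot be silently edited, and on a later scan reports files that were added, removed or modified. The directory layout, file contents and key used below are constructed for the demonstration.

```python
# Added example (not Tripwire's own code): a minimal Tripwire-style integrity
# checker. Baseline = {relative path: {sha256, size, mode}} taken on a clean
# host, sealed with an HMAC, then compared against the live tree. The files,
# contents and key in demo() are constructed for the demonstration.
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> {sha256, size, mode} for every regular file under root."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": file_digest(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,  # also catches a binary that became setuid
            }
    return baseline

def seal_baseline(baseline, key):
    """Serialize the baseline and attach an HMAC; keep the key off the scanned host."""
    body = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "hmac": tag}

def open_baseline(sealed, key):
    """Refuse to use a baseline whose HMAC does not verify (edited, or wrong key)."""
    body = sealed["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["hmac"]):
        raise ValueError("baseline integrity check failed")
    return json.loads(body)

def scan(root, baseline):
    """Compare the current tree with the baseline; return added/removed/modified paths."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in current.keys() & baseline.keys()
                           if current[k] != baseline[k]),
    }

def demo():
    key = b"demo-key-kept-off-host"   # constructed; a real key lives on the scanning host
    with tempfile.TemporaryDirectory() as d:
        bindir = Path(d) / "bin"
        bindir.mkdir()
        (bindir / "ls").write_bytes(b"\x7fELF fake ls")      # constructed stand-in binaries
        (bindir / "cat").write_bytes(b"\x7fELF fake cat")
        sealed = seal_baseline(build_baseline(bindir), key)  # taken while the host is clean

        # Simulated compromise: cat is patched and a new binary is dropped.
        with open(bindir / "cat", "ab") as f:
            f.write(b"\x90\x90 implant")
        (bindir / "sh2").write_bytes(b"\x7fELF dropped")

        result = scan(bindir, open_baseline(sealed, key))

        # An attacker who can rewrite the stored baseline to match the tampered
        # tree would hide the change; the HMAC makes that edit detectable.
        forged = dict(sealed, body=json.dumps(build_baseline(bindir), sort_keys=True))
        try:
            open_baseline(forged, key)
            forged_detected = False
        except ValueError:
            forged_detected = True
    return {"scan": result, "forged_baseline_detected": forged_detected}

if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: the baseline has to be taken before the machine is ever exposed, and the scanner, its hash library and the kernel that serves it the file bytes must themselves be trusted (a compiler trojan of the kind in the first question could have built all three), which is why such scans are best run from read-only media with the baseline and key stored off the host.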