New stealth attack found against personal firewalls

A new technique for defeating personal firewall software has been discovered. But at least one firewall vendor said the trick poses little risk to computer users.

Symantec have said that it is an "interesting proof of concept," but poses no risk to users of Norton Internet Security, which includes Norton AntiVirus.

The program, named Backstealth, is a demonstration program that bypasses the outbound data filters in firewalls from Symantec, McAfee, and other firms.

According to Backstealth's author, Paolo Iorio, the program is designed to access a remote Web site and download a harmless text file without detection by the user's firewall.

Iorio said Backstealth's network connections are invisible to many firewalls because it operates in the same space in the computer's memory that is allocated to the firewalls.

The utility is able to defeat outbound blocking by Kerio Personal Firewall, McAfee Personal Firewall, Norton Internet Security 2002, Sygate Personal Firewall Pro, and Tiny Personal Firewall, according to Iorio.

Firewalls not affected by this vunerability now include Tiny Software's Tiny Personal Firewall version 3, which was released last week, includes a new application "sandbox" feature, is not vulnerable to programs like this. Additionally, the popular ZoneAlarm personal firewall is also not susceptible to the attack, according to Iorio.

Last November, security researchers published several techniques for evading some firewalls' guards against unauthorized leaks. Tools named TooLeaky and FireHole demonstrated how attack programs could piggy-back on applications with approved access to the Internet.

Iorio said Backstealth is unique because it does not commandeer a trusted program, but instead uses a Windows function called VirtualAlloc to inject itself into the firewall's memory space.

"Hackers are always going to come out with new ways to get around firewalls. But they all rely on executing code on your system. And that means they can be detected by anti-virus software," if the programs perform malicious activity, said Symantec product manager Tom Powledge.

News source: Newsbytes

View: BACKSTEALTH Security Test 1.1

Download: BackStealth

Report a problem with article
Previous Story Launches, AdCritic Vows Competition

Next Story

Next-Gen Windows Rumors Heat Up

-1 Comments - Add comment