Thread: outbreak.ntli.net
View Single Post
Old 12-04-2005, 13:13   #20
Stuart
-
 
Stuart's Avatar
 
Join Date: Jun 2003
Location: Somewhere
Services: Virgin for TV and Internet, BT for phone
Posts: 26,546
Stuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver bling
Stuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver bling
Re: outbreak.ntli.net
Quote:
Originally Posted by greencreeper
Quote:
Originally Posted by BBKing
I know them well and they're *very* smart - try defining how you'd identify who has a virus or not
Well first I'd start by identifying whether the OS is capable of hosting the virus
Easy to say. Not so easy to do.. I can think of one way they can do it remotely. When you access something with a browser, your browser sends a series of headers that include the platform, OS and browser sending the request. You could (theoretically) check for all Windows PCs this way.

I can think of two problems with this.
  • It relies on the application accessing the net actually sending these headers. I am pretty sure that only web browsers do.
  • It is easy to forge/alter these headers. Opera does this so that it can appear to be Internet Explorer. I am pretty sure virus writers would find a way to use these headers to make it appear the machine being checked is running Linux.
Stuart is offline   Reply With Quote