Description: |
First test: WallBreaker uses explorer.exe to launch iexplore.exe, which then accesses the Internet. The connection is therefore made by a Windows application launched by another Windows application, not by WallBreaker itself. Current firewalls can see an application trying to access the Internet directly, or an application launching another one to access the Internet, but not WallBreaker, which launches an application that in turn launches another one...
Second test: it's a trivial joke. It simply launches Internet Explorer directly, but in a way that firewalls do not handle, although they should: it's the simplest way to escape. Many firewalls don't see it.
Third test: a variant of the first test. This time it launches cmd.exe first, which then launches explorer.exe, and finally iexplore.exe:
Wallbreaker -> cmd -> explorer -> iexplore
(Win 2000/XP only)
Fourth test: an extension of the third test. WallBreaker sets a scheduled task using "AT.exe", which in turn will execute the task via "svchost":
Wallbreaker -> AT -> svchost -> cmd -> explorer -> iexplore
This test creates a batch file (".bat" extension) with a random filename in its directory; the user should delete it manually at the end of the test.
For this test to work, the Windows Task Scheduler service must be started (keep in mind that a real trojan could do it for you...)
(Win 2000/XP only)
|
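The chains above defeat a check that looks only at the immediate parent of the process opening the connection. As an added example (not part of WallBreaker or of the original description), the sketch below walks the full ancestry of the connecting process and, for the scheduled-task case, links the svchost-spawned command back to the AT.exe call that names the same batch file. The process events, command lines, pids, trust list and the command-line correlation are all constructed assumptions.

```python
# Constructed process table: pid -> (parent pid, image, command line).
PROCS = {
    4:    (0,    "system",          ""),
    600:  (4,    "svchost.exe",     "svchost.exe -k netsvcs"),
    900:  (4,    "explorer.exe",    "explorer.exe"),            # user shell
    1000: (900,  "wallbreaker.exe", "wallbreaker.exe"),
    # Third test: Wallbreaker -> cmd -> explorer -> iexplore
    1100: (1000, "cmd.exe",         "cmd.exe /c explorer.exe"),
    1110: (1100, "explorer.exe",    "explorer.exe"),
    1120: (1110, "iexplore.exe",    "iexplore.exe"),
    # Fourth test: Wallbreaker -> AT -> svchost -> cmd -> explorer -> iexplore
    1200: (1000, "at.exe",          r"at.exe 12:00 C:\tmp\x7k2.bat"),
    1300: (600,  "cmd.exe",         r"cmd.exe /c C:\tmp\x7k2.bat"),
    1310: (1300, "explorer.exe",    "explorer.exe"),
    1320: (1310, "iexplore.exe",    "iexplore.exe"),
}
# Assumed allowlist of images permitted to appear in a browser's ancestry.
TRUSTED = {"system", "svchost.exe", "explorer.exe", "cmd.exe", "at.exe", "iexplore.exe"}

def parent_only(pid, procs):
    """What a parent-only check sees: the image of the immediate parent."""
    return procs[procs[pid][0]][1]

def logical_parent(pid, procs):
    """Real parent pid, except for tasks run by svchost: follow the at.exe that scheduled them."""
    ppid, _, cmd = procs[pid]
    parent, args = procs.get(ppid), cmd.split()
    if parent and parent[1] == "svchost.exe" and args:
        for opid, (_, oimg, ocmd) in procs.items():
            if oimg == "at.exe" and args[-1] in ocmd:
                return opid
    return ppid

def ancestry(pid, procs):
    """Images from the given process up to the root, with loop protection."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid][1])
        pid = logical_parent(pid, procs)
    return chain

def untrusted_ancestors(pid, procs, trusted=TRUSTED):
    """Every image in the ancestry that is not on the allowlist."""
    return [img for img in ancestry(pid, procs) if img not in trusted]

if __name__ == "__main__":
    for pid in (1120, 1320):
        print(pid, parent_only(pid, PROCS), untrusted_ancestors(pid, PROCS))
```

Without the scheduled-task link, the walk for the fourth chain ends at svchost and system and reports nothing untrusted, which is why that test is the harder one to attribute.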