4. Check for leaks

Posted on 12 May 2008 at 15:03

One clever way in which a Trojan might hoodwink your firewall is by changing its name to that of one of your trusted applications, so as to gain outbound data communication privileges. A leaktest mimics this behaviour. A whole host of them, along with reams of documentation about the problem, can be found at the Firewall Leak Tester website (www.firewallleaktester.com), as recommended to us by Skyler King, group manager of research and development at ZoneAlarm developers Check Point.

Other recommended leaktesters include Steve Gibson's at GRC (www.grc.com/lt/leaktest.htm), which kickstarted the whole genre, or alternatively the PC Flank Leaktest (www.pcflank.com/pcflankleaktest.htm). Both make an outbound TCP connection from your PC to a remote port 80 web server. Your firewall should prevent this most trivial application-masquerading bypass, and you can test to see if your firewall allows any program with the same name as a trusted application to gain outbound access by simply changing the name from leaktest.exe (in the case of GRC Leaktest) to whatever the application is called. If it's allowed to access the remote server then a Trojan could easily do likewise.

5. Send in the processor probes

Hack it yourself

Author: Davey Winder