Leaktest information

Website : http://www.firewallleaktester.com Author : myself : Guillaume Kaddouch Dates : October 2004 (v4.0) Categories : launcher Download : WallBreaker.exe (View EULA) MD5 94C6FA13873F4A36485F5B2AAB459AD6 SHA-160 086CE19B97C95146FAE54BEDE8BE8AAE487D870A Operating System : Windows 9x/Millenium/NT4/2000/XP

Leaktest description

First test : WallBreaker uses explorer.exe to launch iexplore.exe and then access the Internet, so, it's a windows application which launch another one, and not WallBreaker. The current firewalls can see applications trying to access directly the Internet, application launching another one to access the Internet, but not Wall Breaker which launch an application which launch again another one... Second test : it's a trivial joke, it simply launches Internet Explorer directly, but in a way not handled by firewalls, whereas it should, it's the simpliest way to escape. Many firewalls don't see it. Third test : it's a variant of the first test, this time it launches cmd.exe before, which then launch explorer.exe, and finally iexplore.exe : Wallbreaker -> cmd -> explorer -> iexplore (Win 2000/XP only) Fourth test : it's an extension of the third test, Wallbreaker set a scheduled task by using "AT.exe" which in turn will execute the task via "svchost" : Wallbreaker -> AT -> svchost -> cmd -> explorer -> iexplore This test creates a batch file (".bat" extension) with a random filename in his directory, it should be manually deleted by the user at the end of the test. In order for this test to work, the Windows Task Scheduler service must be started (keep in mind that a real trojan could do it for you...) (Win 2000/XP only)

Meaning

The source from my leaktests will no longer be available, starting from now, to avoid to help the kiddies and malware authors. However I do send the source to any firewall vendor wanting it, and those with who I am in contact have been warned before the release two weeks ago.

(View EULA)