From: "FromTheRafters" erratic on 9 May 2010 18:27

"Frank" <franklin.macintosh(a)gmail.com> wrote in message
news:4c0fd102-441f-4d08-85ea-8a7bd79810ae(a)b7g2000yqk.googlegroups.com...

[...]

I agree that the stick only contains data...aside from the fact that
the data changes in real time, however, malware can also reside in
data files e.g. macros, complicated graphics languages, etc.. My
actual knowledge about this is really sketchy, so I welcome any
perspectives on this.

***
You are correct that malware can exist as, or reside in, data filetypes.
Most malware, however, will exist as executable files.
***

From: Frank on 15 May 2010 21:43

On May 9, 6:27 pm, "FromTheRafters" <erratic @nomail.afraid.org> wrote:
> "Frank" <franklin.macint...(a)gmail.com> wrote in message
>
> news:4c0fd102-441f-4d08-85ea-8a7bd79810ae(a)b7g2000yqk.googlegroups.com...
>
> [...]
>
> I agree that the stick only contains data...aside from the fact that
> the data changes in real time, however, malware can also reside in
> data files e.g. macros, complicated graphics languages, etc.. My
> actual knowledge about this is really sketchy, so I welcome any
> perspectives on this.
>
> ***
> You are correct that malware can exist as, or reside in, data filetypes.
> Most malware, however, will exist as executable files.
> ***

Good to know....

From: David H. Lipman on 15 May 2010 22:18

From: "Frank" <franklin.macintosh(a)gmail.com>

| I'm reaching way outside my area of experience here, but I recall for
| complex display languages (maybe HTML or some other languages for
| rendering content, postscript, PDF, TIFF, other bit-map languages), it
| is possible to exploit unbullet-proofed apps by coding up pathologies
| that cause (for example) buffer overruns. Like I said, I'm really
| reaching, but my impression is that the dividing line between data and
| programs can get blurry. Heck, even LaTeX is like programming. Based
| on that murky impression, I haven't distinguished between data and
| nondata for many years.

That's a roger.

Certain graphic file exploits could cause a Buffer Overflow condition with an Elevation of Privileges in GDI Plus.

Malicious PDF file exploits could cause a Buffer Overflow condition with an Elevation of Privileges in Adobe Reader/Acrobat and some other PDF viewers.

HTML is a scripting language that can be outright malicious.

Nothing w/PostScript.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: "FromTheRafters" erratic on 15 May 2010 22:25

"Frank" <franklin.macintosh(a)gmail.com> wrote in message
news:c4b4c561-e155-4ef3-aced-b6b00c37d773(a)f13g2000vbm.googlegroups.com...

On May 9, 6:05 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> wrote:
> From: "Frank" <franklin.macint...(a)gmail.com>

[...]

> | I agree that the stick only contains data...aside from the fact that
> | the data changes in real time, however, malware can also reside in
> | data files e.g. macros, complicated graphics languages, etc.. My
> | actual knowledge about this is really sketchy, so I welcome any
> | perspectives on this.

[...]

> What are; "complicated graphics languages" ?

I'm reaching way outside my area of experience here, but I recall for
complex display languages (maybe HTML or some other languages for
rendering content, postscript, PDF, TIFF, other bit-map languages), it
is possible to exploit unbullet-proofed apps by coding up pathologies
that cause (for example) buffer overruns.

***
"Complicated graphics languages" are not the only way that data can be
crafted maliciously. Any program that mishandles data in that manner can
be attacked. When you used that phrase I thought that you might be
referring to a certain graphics filetype that allows a custom error
handling routine to be included - the SetAbortProc record in the WMF
filetype. This is not a graphics language, but a filetype's feature.

The data/code dichotomy does indeed get blurry sometimes.
***