From: FromTheRafters on 21 Mar 2010 07:32

"Toxic" <staring(a)my_hd.tv> wrote in message news:pan.2010.03.21.11.08.37(a)cdc.gov...
> On Sun, 21 Mar 2010 06:43:03 -0400, FromTheRafters wrote:
>
>> Usenet binaries can only be trusted if you are *looking* for malware.
>
> Including all the many jpegs found on binaries newsgroups?

I was going to write "program binaries" above, but figured the context was already established.

I have an excellent collection of usenet binaries (an M.C.Escher collection and some really interesting fractal geometry and other math related pieces).

But yes, even jpegs - if a popular program mishandles jpeg data, you will probably find malware exploiting it in those groups as well. This would not be as likely on a website with a contactable webmaster (or an FTP from a personal contact).

From: David H. Lipman on 21 Mar 2010 08:07

From: "FromTheRafters" <erratic(a)nomail.afraid.org>

| I was going to write "program binaries" above, but figured the context
| was already established.

| I have an excellent collection of usenet binaries (an M.C.Escher
| collection and some really interesting fractal geometry and other math
| related pieces).

| But yes, even jpegs - if a popular program mishandles jpeg data, you
| will probably find malware exploiting it in those groups as well. This
| would not be as likely on a website with a contactable webmaster (or an
| FTP from a personal contact).

Some of the binaries that are malicious are NOT executables but are media files exploiting Windows DRM such as Wimad trojans.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: FromTheRafters on 21 Mar 2010 09:20

"Toxic" <staring(a)my_hd.tv> wrote in message news:pan.2010.03.21.12.01.37(a)cdc.gov...
> then there was that MP3 player by Kim Vanvaeck...

Could you expand on that?

From: FromTheRafters on 21 Mar 2010 13:57

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:ho526v01u2u(a)news3.newsguy.com...
> From: "FromTheRafters" <erratic(a)nomail.afraid.org>
>
> | I was going to write "program binaries" above, but figured the context
> | was already established.
>
> | I have an excellent collection of usenet binaries (an M.C.Escher
> | collection and some really interesting fractal geometry and other math
> | related pieces).
>
> | But yes, even jpegs - if a popular program mishandles jpeg data, you
> | will probably find malware exploiting it in those groups as well. This
> | would not be as likely on a website with a contactable webmaster (or an
> | FTP from a personal contact).
>
> Some of the binaries that are malicious are NOT executables but are
> media files exploiting Windows DRM such as Wimad trojans.

Exploiting in this case meaning the utilization of an IMO ill conceived feature of the filetype which is supported by the player rather than an exploit of a software flaw. Still, I would file that under "mishandling data" and I have long considered WMP to be a trojan. Why would anyone want a media file to cause the browser to fire up and visit a URL supplied by what should always be considered untrusted input?

From: David H. Lipman on 21 Mar 2010 14:02

From: "FromTheRafters" <erratic(a)nomail.afraid.org>

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:ho526v01u2u(a)news3.newsguy.com...

>> From: "FromTheRafters" <erratic(a)nomail.afraid.org>

>> | I was going to write "program binaries" above, but figured the context
>> | was already established.

>> | I have an excellent collection of usenet binaries (an M.C.Escher
>> | collection and some really interesting fractal geometry and other math
>> | related pieces).

>> | But yes, even jpegs - if a popular program mishandles jpeg data, you
>> | will probably find malware exploiting it in those groups as well. This
>> | would not be as likely on a website with a contactable webmaster (or an
>> | FTP from a personal contact).

>> Some of the binaries that are malicious are NOT executables but are
>> media files exploiting Windows DRM such as Wimad trojans.

| Exploiting in this case meaning the utilization of an IMO ill conceived
| feature of the filetype which is supported by the player rather than an
| exploit of a software flaw. Still, I would file that under "mishandling
| data" and I have long considered WMP to be a trojan. Why would anyone
| want a media file to cause the browser to fire up and visit a URL
| supplied by what should always be considered untrusted input?

Some believe it is a good idea to connect to the web to get a license for a media file or such things as artist or album information. That concept is what's being exploited. Instead of getting a licence the malware is obtained. Zango is well known for exploiting the DRM "feature".

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
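
Added example, not part of the thread or written by any of its posters: a triage check that lists the license-acquisition URL a Windows Media file declares, so the URL can be reviewed as untrusted input before the file is opened. It assumes the files are ASF containers (WMA/WMV) and uses the Content Encryption Object layout from the public ASF specification; the sample header and its URL are constructed placeholders.

```python
import struct, uuid

# GUIDs from the public ASF specification (not named in the thread).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E")

def _obj(guid, payload):
    # Constructed-sample helper: GUID (little-endian) + 64-bit total size + payload.
    return guid.bytes_le + struct.pack("<Q", 24 + len(payload)) + payload

def _field(data):
    # Length-prefixed field as used inside the Content Encryption Object.
    return struct.pack("<I", len(data)) + data

def license_urls(blob):
    """Return license-acquisition URLs declared in an ASF header."""
    if len(blob) < 30 or uuid.UUID(bytes_le=blob[:16]) != ASF_HEADER:
        return []
    end = min(struct.unpack_from("<Q", blob, 16)[0], len(blob))
    pos, urls = 30, []          # 24-byte object header + count (4) + 2 reserved bytes
    while pos + 24 <= end:
        guid = uuid.UUID(bytes_le=blob[pos:pos + 16])
        size = struct.unpack_from("<Q", blob, pos + 16)[0]
        if size < 24 or pos + size > end:
            break               # malformed size: stop rather than read out of bounds
        if guid == CONTENT_ENCRYPTION:
            body, off, fields = blob[pos + 24:pos + size], 0, []
            # Field order: secret data, protection type, key ID, license URL.
            while off + 4 <= len(body) and len(fields) < 4:
                n = struct.unpack_from("<I", body, off)[0]
                fields.append(body[off + 4:off + 4 + n])
                off += 4 + n
            if len(fields) == 4:
                urls.append(fields[3].rstrip(b"\x00").decode("ascii", "replace"))
        pos += size
    return urls

def sample(url):
    # Constructed header only: no media data, placeholder values throughout.
    enc = b"".join(_field(f) for f in (b"\x00" * 4, b"DRM\x00", b"KID\x00", url + b"\x00"))
    return _obj(ASF_HEADER, struct.pack("<IBB", 1, 1, 2) + _obj(CONTENT_ENCRYPTION, enc))

if __name__ == "__main__":
    print(license_urls(sample(b"http://license.example.invalid/get")))
```

Any URL this returns for a file from an unvetted source is a reason to quarantine it rather than play it.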