Is there any type of file that can not have a virus at all?
Or better asking, what types of file can have a virus?
The ones I know of:
EXE, COM, BAT, PIF, PL.
If you had to accept uploads, what kind of extension would you accept?
.txt files are OK.
Open in notebook, as this does not support macros.
.jpeg are OK for the pix,
again though, if you are unsure of the sender, DO NOT OPEN !!!
It is entirely possible that in the near ? future that there will be NO safe files,
only trusted addresses ?
.scr, .doc, .xls, any file that can run a macro. vbs, wsh, js, any script file. eml, xml, jar, to name a few. It's too early to think; I'm going back to bed.
Just to add a little more...
A good rule of thumb is that files that cannot execute code, typically are not going to carry a virus. As someone already mentioned, TXT files are a good example. To flip the coin, a good way to look at virus code is to use an app that can't execute code. Notepad is a typical candidate for this.
--TH13
Every file type. I don't mean the real virus itself, but (darkhats, not good) hackers can use binders and stick a gif, jpg and any other files with the virus, making it look like another file type. The file other than the virus will be seen while the virus has been set to run hidden.
PS: don't know if this has been said already, sorry.
Another PS: don't open offline web pages; the virus code can be inserted into the webpage.
I was just reading an article about how JPEGs are/would be great holders of virii because people do not consider them a threat because they are non-executable.
Quote:
Is there any type of file that can not have a virus at all?
No.
-Cheers-
Recently an ISP in my country (Planet Internet) has been advertising for virus-free music. I thought that was bullshit because an mp3, wma or ogg does not execute any code; it is read by a program that plays music. But you guys made me doubt: is it possible now or in the near future that a music file could hold a virus AND get that virus executed on my computer?
Well, one question.. if you can hide viruses in a .jpg/.gif then can't the virus simply be executed through <img src>? :-/
I am not exactly sure how it works, but I have a feeling it is used more to store stuff because images are or can be quite large so adding stuff is less noticed I suppose.
-Cheers-
Quote:
quote:
Is there any type of file that can not have a virus at all?
No.
wrong...we just mentioned that .txt files are pretty safe when it comes to Virii.
Quote:
JPG (JPEG) -- a "Proof of Concept" Virus
What is a "Proof of Concept" virus, and should you be worried about this one?
A "Proof of Concept" virus is one that is written by a person with advanced programming skills, to demonstrate that something new can be accomplished. Most often, they are sent to an anti-virus vendor, as if to say, "So there!" and no others are created, except by amateur vandals who produce and circulate hacked copies.
The reality of going from a proof of concept to an everyday concern takes time, and does not always work. Concept (the first Macro virus) was gleefully presented to the AV companies in 1995, and until Microsoft strengthened MS-Word, macro viruses were the "in" thing with virus writers (and vendors' sales/advertising teams). In the two years that Microsoft ignored the real problem (even calling Macro viruses a prank), thousands of Word macro viruses were created.
Another success story for virus writers was Bubbleboy, a script worm, distributable by e-mail. Thanks to the strength of VisualBASIC, the simplicity of using it to create worm programs, and the lack of defenses built into Outlook Express, its descendants made reading e-mail a risky proposition for some time.
But the failures among proof of concept viruses constitute a much longer list. There was LaRoux, again spoon-fed to the AV people in 1995, for Excel, but Excel viruses require sharing of spreadsheets, so those did not get far. A few hacked variants were made from it, but no virus writer would waste his time creating one today.
Other proofs of concept are mere curiosities today, like a macro virus written for Word Perfect. That one failed, because unlike MS-Word, Word Perfect's macros were not embedded in the document, obliging one to share and open two separate files. Proof of concept viruses were written for Ami Pro and PowerPoint, even Java, but those failed, too.
Same flaw here. One must run an infected EXE in order for the system's registry to be altered to run the EXE, whenever one clicks on a JPG. That is NOT a real problem. As careful people have been doing, do NOT run any "donated" EXEs, and you will be 100% safe. Clicking on a JPG will not matter.
When the day comes (if it ever does) that the entire virus is made part of, (or more likely, appended to) a JPG, clicking on a JPG will involve some risk. But we are not there yet, and not many virus writers have the skill level to accomplish that, anyway, IMHO.
Even if things get that far, not clicking on a JPG like a robot which one should not do now, anyway (in case of a fake double extension, like .JPG.EXE), but using a program (like a Web browser) to open it should defeat any such virus, because (as far as I know) all such programs read only the JPG's code, not executable code, and software producers are not going to re-write their programs to accommodate the virus code.
The bottom line: do not worry about JPG viruses, until there is something to be worried about.
Quote:
wrong...we just mentioned that .txt files are pretty safe when it comes to Virii.
I guess... But it could still be a virus using the hide extension exploit. So technically not a txt file but disguised as.
-Cheers-
then it would have 2 extensions: virus.exe.txt
Try my experience yesterday with a variant of Netsky.Q
In a Zip file.. called Document.Zip (very original)
was the File Important.TXT____________________________________________...pif (note underscore used to show the number of spaces..)
Yes, with all the spaces. Seems Windows doesn't like too many characters in the extension.. because there was no way to display the PIF .. except in the HEX editor..
And when the little baby was executed it dropped a few babies.. but certainly NOT as per any of the normal Netsky.Q MO.. Submitted the baby to SARC..
BTW.. the Icon for the file and the dropped virii was the RTF/TXT icon..
So a user who is not alert.. but aware of double file extensions.. would open this file thinking it was safe.. because they can only see one extension and the file has a legit Icon..
Cheers
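Added example, not part of any post in this thread: a server-side check in Python for the name tricks described above (a fake double extension such as .JPG.EXE, and a run of spaces pushing the real extension out of view), plus a comparison of the first bytes against the declared type. The function name, the extension list and the magic-number table are assumptions made for illustration; the sample names are constructed.

```python
import re

# Extensions this thread names as able to run code; not an exhaustive list.
RISKY = {"exe", "com", "bat", "pif", "pl", "scr", "vbs", "wsh", "js", "jar",
         "doc", "xls", "eml", "xml"}
# Leading bytes of a few formats a site might accept (illustrative table).
MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "gif": b"GIF8",
         "png": b"\x89PNG\r\n\x1a\n", "pdf": b"%PDF-"}

# Constructed sample: the name shape described in the Netsky post above.
NETSKY_STYLE_NAME = "Important.TXT" + " " * 60 + ".pif"


def inspect_upload(filename, head):
    """Return findings for an uploaded file's name and its first bytes."""
    findings = []
    # Drop any client-supplied directory part before judging the name.
    name = re.split(r"[\\/]", filename)[-1]
    # Strip padding around each dot-separated part so "TXT   " reads as "txt".
    exts = [part.strip().lower() for part in name.split(".")[1:]]
    final = exts[-1] if exts else ""
    if re.search(r"\s{3,}", name):
        findings.append("whitespace run in name")
    if len(exts) > 1:
        findings.append("multiple extensions: " + ".".join(exts))
    if final in RISKY:
        findings.append("final extension can run code: ." + final)
    if head[:2] == b"MZ":
        findings.append("content starts with a DOS/Windows executable header")
    elif final in MAGIC and not head.startswith(MAGIC[final]):
        findings.append("content does not match declared ." + final)
    return findings


if __name__ == "__main__":
    samples = [(NETSKY_STYLE_NAME, b"MZ\x90\x00"),   # disguised .pif
               ("holiday.JPG.EXE", b"MZ\x90\x00"),   # fake double extension
               ("photo.jpg", b"GIF89a"),             # wrong content type
               ("notes.txt", b"plain text")]         # nothing to report
    for name, head in samples:
        print(repr(name[:20]), inspect_upload(name, head))
```

The multiple-extension rule is deliberately strict and will also flag harmless names such as versioned files with several dots, so findings are meant for review or rejection policy rather than as proof of malice.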
There was a proof of concept image file virus a while back? I think that it was called once off or one shot..............it would only run once and needed some additional code to open the image file and collect the payload etc. That is the only one that I am aware of.
As already noted, anything that can run a macro can run a virus, so that includes Word, Access, Excel and Powerpoint.
So far .txt files can't run anything if they are genuine and you open them in a programming text editor like notepad, vi etc. That is what I do to examine suspicious files, just make a copy as a .txt file and open it in notepad...............if there is an embedded executable it won't run.
Interestingly, I was sent a trojan to examine and tried to open it as a .txt file.........EZArmour would not let me............spotted what it was straight away, yet AVG ignored it..........until I converted it into a .exe :)
Both AVs would have protected my system, but it is interesting to see the way they work. My conclusion would be that if you can write a virus that will execute from a .txt file then AVG would let it through at present, EZArmour might catch it on heuristics?
There is (or was) a potential flaw in the NTFS file system that would allow you to "attach" something nasty to any file..............I remember doing it once as a proof of concept, but cannot remember the exact details............I think that the problem was getting it to run afterwards..............a similar situation to the graphics virus I mentioned? It was put up as a huge potential security flaw at the time, but I have not seen anything since that could actually use it?
Cheers
I forgot to say that I am using Linux, and I think when I compiled the kernel I saw some exec file types, 3 types.
Suppose every file I get I chmod to, suppose, 555 (RW), will it be OK? As it won't be an executable file.
My problem is that I will be receiving uploads, and I want to have some precaution to avoid viruses. Is there any good anti-virus in Linux? And I wanted to know the extensions that I can just ignore.
I have just received my deluxe Lindows stuff. It has VirusSafe from CentralCommand (I think that it is free for private use if you download it) You might like to take a look at their site..........as I recall you have to click on products on the left side and select the free downloads from the drop-down menu?
Cheers
OK, which others? I know that plain files are. Is PDF safe? Which others can I accept? If I download a viri and chmod to 000, can it infect me?
Quote:
then it would have 2 extensions: virus.exe.txt
virus.txt.exe you mean. So by hiding extensions you see virus.txt...
-Cheers-
Hiding information in files is nothing new, in fact, organized crime and terrorist groups have been doing it for years. However, the hidden content is not being interpreted (like a PERL script) or compiled and executed (like C code). Information (text) is hidden inside the JPG file *without* multiple suffixes (txt.jpg). This technique is called steganography and all you need to view these special files is a browser capable of seeing the hidden text. The cDc makes a browser called Camera Shy. It works just like any other browser only it can see the hidden content.
http://www.cultdeadcow.com/details.php3?listing_id=431
Keep an ear to the pavement for any papers on the subject of new virus vectors, but for now I'd concentrate on the 10,000 other things that are already harmful.
Nihil:
Quote:
you to "attach" something nasty to any file..............
They are called alternate data streams and they exist. It's not a flaw per se but it is exploitable with some imagination. It was created for compatibility with MAC files but there don't appear to be any plans to incorporate it in any upcoming FS. Quoting from here :-
Quote:
NTFS Streams - What you should know!
If you have Windows NT 3.1, 3.5, 3.51, 4.0, Windows 2000 and Windows XP and use NTFS, then your system supports Alternate Data Streams.
What is an Alternate Data Stream? Simply put, it's the ability to hide data behind a file, such as text, graphics or executable code (games, trojans, etc).
For example: You could have a small text file (hello.txt of say 1k in size) - however, attached to it is an executable program that is 5 megs in size. When you do a directory listing (look for files on your pc), the system will show you a small 1k text file without revealing the 5 meg file.
Malicious users take advantage of this by storing a virus or trojan on your system. Employees can abuse this by hiding graphics or data behind text files, etc.
Do a search for "NTFS alternate data streams" in Google and there's a bunch of info about how to create, view and manipulate them.
Thanks Tiger,
That is exactly what I was referring to.......................I read an article similar to the one you quote, a few years ago (NT4)
I followed the instructions and it actually worked, but I could not see any way to actually get anything in the alternate data streams to run on its own, also the e-mail system saw the true size of the file and wouldn't send it :)
It was certainly a way of hiding stuff though.
There was not a lot of excitement as you needed the NTFS file system, and most skiddies did not have NT.....................of course it is a different story today?
Cheers
Yes, good call Tiger. Streaming (as mentioned) is another way of hiding info in files but as Nihil states, execution of the content is tricky at best. I didn't mention it because virus code hidden in this manner would not execute directly. This is due to the limitations in cmd.exe.
:)
VI. =)
Actually, as it looked like Cybr1d may have hinted at, but didn't quite come out and clearly say, is that it is possible for a file type to run a virus, however, if it is possible for the .txt to run/contain a virus on your computer, you're already screwed.
For instance, it is possible that there is a program on any given computer that will take data locked in some other, "harmless" file, and use it to execute malicious code. If I planted a file called "Wingbat.exe" (I just made it up, so don't bother Googling for it) on your computer, and it runs regularly, I could send to your computer a text file called instruct.txt. Instruct.txt actually has C code in it, but it's harmless, right? The thing about Wingbat.exe is that it can take the code from instruct.txt, compile and execute it. Your computer is now officially a zombie.
This is actually just a slightly more complex method (and perhaps harder to detect) than has been used with DDoS. Making a computer into a zombie by making it wait online for instructions can be detected by looking for connections, although sending the file straight onto the computer as a set of instructions (and independent code, even!) can make it so that it will run any code, for any purpose, that it is ever instructed to.
The code involved in this is actually very simple to make. Using gcc or some other compiler as a basis, it would be possible to incorporate that code into a larger executable, adding very little, and very simplistic, code. Thus, Wingbat.exe is born.
This sort of thing has been done before, and there are other ways to do it, but this is just one clever way to accomplish an ends. As far as I know, to do this in the past, the code would have to be pre-compiled, sent to the other computer, and THEN run by some sort of trojan, or an idiot.
But like I said, by the time that this is possible on your computer, you're already screwed.
Even with this, however, the .txt, .png, .jpeg files are safe in themselves, though they can lead to other problems...
Just a few ways that it would be possible. Don't get too paranoid about it.
---------------------------------
If a new virus called Wingbat.exe is released into the wild soon that does this exact thing, I will be VERY disappointed in all of you. =P
Root kits... ^_^
-Cheers-
So, it would be possible to program a "harmless" .exe program which is programmed to "receive" a set of commands inside .txt files with preset keywords. The .exe file would remain dormant and not attach itself to any other program, say "Not allow it to multiply", until it has received the particular command to turn it on. Somewhat like a trojan...which is built piece by piece, but without having it dial out of the victim's PC to avoid detections, instead have the "Ignorant" user download the commands.
Sorry if I don't make much sense....I guess I'm not finding the right words right now, but I hope you understand what I'm trying to say.
Cheers,
EDIT: Picture the movie TERMINATOR 2. When the evil terminator froze and was shattered, he was harmless. Then the pieces melted from the heat and came together to rebuild him. Imagine all those pieces being .txt files containing commands which, when put together, create a harmful piece of program.
LoL I think that makes it clearer :)
Quote:
Originally posted here by Cybr1d
So, it would be possible to program a "harmless" .exe program which is programmed to "receive" a set of commands inside .txt files with preset keywords.
I know exactly what you mean. It wouldn't necessarily need pre-programmed key words, though. It could deal with raw code and compile it. Keywords could be programmed in, but it would be just as easy (somewhat easier, really) to send in those key words as separate code instead of coding it in. If it is included in pre-made code, then it would make Wingbat.exe bigger. To send in the code separately, it could later be called on by other code.
Also, using external, and freshly written code, means that it could be used to accomplish anything. By getting the initial program in, any other program can then be run from within the system, any script, anything else that the writer could possibly think of, making it a bit more versatile.
Make sense?
Quote:
By getting the initial program in, any other program can then be run from within the system, any script, anything else that the writer could possibly think of, making it a bit more versatile.
A trojan? The only issue would be avoiding detection from AV software.
A trojan tries to hide its true function within something else. Anything can be wrapped up in a trojan, this included. This will just execute external code that is sent to it in a .txt format (among other methods.)