April 11th, 2004, 01:07 PM
That is exactly what I was referring to.......................I read an article similar to the one you quote, a few years ago (NT4)
I followed the instructions and it actually worked, but I could not see any way to actually get anything in the alternate data streams to run on its own, also the e-mail system saw the true size of the file and wouldn't send it
It was certainly a way of hiding stuff though.
There was not a lot of excitement as you needed the NTFS file system, and most skiddies did not have NT.....................of course it is a different story today?
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
April 11th, 2004, 03:02 PM
Yes, good call Tiger. Streaming (as mentioned) is another way of hiding info in files but as Nihil states, execution of the content is tricky at best. I didn't mention it because virus code hidden in this mannor would not execute directly. This is due to the limitations in cmd.exe.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
April 11th, 2004, 04:55 PM
Actually, as it looked like Cybr1d may have hinted at, but didn't quite come out and clearly say, is that it is possible for a file type to run a virus, however, if it is possible for the .txt to run/contain a virus on your computer, you're already screwed.
For instance, it is possible that there is a program on any given computer that will take data locked in some other, "harmless" file, and use it to execute malicious code. If I planted a file called, "Wingbat.exe" (I just made it up, so don't bother Googling for it) on you're computer, and it runs regularly, I could send to your computer a text file called instruct.txt. Instruct.txt actually has C code in it, but its harmless, right? The thing about Wingbat.exe is that it can take the code from instruct.txt, compile and execute it. You're computer is now officially a zombie.
This is actually just a slightly more complex method (and perhaps harder to detect) than has been used with DDoS. Making a computer into a zombie by making it wait online for instructions can be detected by looking for connections, although sending the file straight onto the computer as a set of instructions (and independent code, even!) can make it so that it will run any code, for any purpose, that it is ever instructed to.
The code involved in this is actually very simple to make. Using gcc or some other compiler as a basis, it would be possible to incorporate that code into a larger executable, adding very little, and very simpllistic, code. Thus, Wingbat.exe is born.
This sort of thing has been done before, and there are other ways to do it, but this is just one clever way to accomplish an ends. As far as I know, to do this in the past, the code would have to be pre-compiled, sent to the other computer, and THEN run by some sort of trojan, or an idiot.
But like I said, by the time that this is possible on your computer, you're already screwed.
Even with this, however, the .txt, .png, .jpeg files are safe in themselves, though they can lead to other problems...
Just a few ways that it would be possible. Don't get too paranoid about it.
If a new virus called Wingbat.exe is released into the wild soon that does this exact thing, I will be VERY disappointed in all of you. =P
April 11th, 2004, 06:18 PM
Root kits... ^_^
April 11th, 2004, 06:48 PM
So, It would be possible to program a "harmless" .exe program which is programmed to "receive" a set of commands inside .txt files with preset keywords. The .exe file would remain dormant and not attach itself to any other program, say "Not allow it to multiply", until it has received the particular command to turn it on. Somewhat like a trojan...which is built piece by piece, but without having it dial out of the victim's PC to avoid detections, instead have the "Ignorant" user download the commands.
Sorry If I dont make much sense....I guess i'm not finding the right words right now, but I hope you understand what i'm trying to say.
EDIT: Picture the movie TERMINATOR 2. When the evil terminator froze and was shattered, he was harmless. Then the pieces melted from the heat and came together to rebuild him. Imagine all those pieces being .txt files containing commands which, when put together, create a harmful piece of program.
LoL i think that makes it clearer
April 11th, 2004, 06:52 PM
I know exactly what you mean. It wouldn't necessary need pre-programmed key words, though. It could deal with raw code and compile it. Keywords could be programmed in, but it would be just as easy (somewhat easier, really) to send in those key words as seperate code instead of coding it in. If it is included in pre-made code, then it would make Wingbat.exe bigger. To send in the code seperately, it could later be called on by other code.
Originally posted here by Cybr1d
So, It would be possible to program a "harmless" .exe program which is programmed to "receive" a set of commands inside .txt files with preset keywords.
Also, using external, and freshly written code, means that it could be used to accomplish anything. By getting the initial program in, any other program can then be run from within the system, any script, anything else that the writer could possibly think of, making it a bit more versatile.
April 11th, 2004, 06:56 PM
A trojan? The only issue would be avoiding detection from AV software.
By getting the initial program in, any other program can then be run from within the system, any script, anything else that the writer could possibly think of, making it a bit more versatile.
April 11th, 2004, 06:57 PM
A trojan tries to hide its true function within something else. Anything can be wrapped up in a trojan, this included. This will just execute external code that is sent to it in a .txt format (among other methods.)