
Thread: Virus

  1. #11
    wrong...we just mentioned that .txt files are pretty safe when it comes to Virii.
    I guess... But it could still be a virus using the hide extension exploit. So technically not a txt file but disguised as.

    -Cheers-

  2. #12
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    then it would have 2 extensions: virus.exe.txt

  3. #13
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Try my experience yesterday with a variant of Netsky.Q

    In a Zip file.. called Document.Zip (very original)
    was the File Important.TXT____________________________________________...pif (note underscore used to show the number of spaces..)
    yes with all the spaces Seems windows doesn't like too many characters in the extension.. because there was no way to display the PIF .. except in the HEX editor..
    And when the little baby was executed it dropped a few babies.. but certainly NOT as per any of the normal netsky Q MO.. Submitted the baby to SARC..

    BTW.. the Icon for the file and the dropped virii was the RTF/TXT icon..

    So a user who is not alert.. but aware of double file extensions.. would open this file thinking it was safe.. because they can only see one extension and the file has a legit Icon..

    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
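Added example, not part of the thread: a filename screen for archive attachments or uploads that flags the trick described in post #13 (a document-looking name, a long filler run, then the real executable extension) and the plain double extension discussed in posts #12 and #18. The extension sets, the 8-character padding threshold and all function names are assumptions chosen for illustration; the archive is constructed in memory with placeholder contents.

```python
import io
import re
import zipfile

# Illustrative subsets, not exhaustive lists.
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd", "vbs", "lnk"}
DECOY_EXTS = {"txt", "rtf", "doc", "pdf", "jpg", "gif"}
# A long filler run pushes the real extension out of the visible name.
PADDING = re.compile(r"[ \t_\u00a0]{8,}")
FILLER = " \t_\u00a0"

def check_name(name):
    """Return the reasons a file name looks deceptive (empty list if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    parts = base.split(".")
    if len(parts) < 2 or parts[-1].strip(FILLER).lower() not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension ." + parts[-1].strip(FILLER).lower()]
    if PADDING.search(base):
        reasons.append("padding run hides the real extension")
    if any(p.strip(FILLER).lower() in DECOY_EXTS for p in parts[1:-1]):
        reasons.append("decoy document extension before the real one")
    return reasons

def scan_zip(data):
    """Map each suspicious member name in a zip (given as bytes) to its reasons."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        hits = {}
        for member in zf.namelist():
            reasons = check_name(member)
            if reasons:
                hits[member] = reasons
        return hits

PADDED_NAME = "Important.TXT" + " " * 100 + ".pif"  # constructed sample

def build_sample():
    """Build a constructed in-memory archive with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"harmless")
        zf.writestr(PADDED_NAME, b"placeholder bytes")
        zf.writestr("virus.txt.exe", b"placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample()).items():
        print(repr(member), "->", "; ".join(reasons))
```

The check works on the stored name only, so it catches what the file-manager display and the borrowed icon hide; it says nothing about the file's contents.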

  4. #14
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    There was a proof of concept image file virus a while back? I think that it was called once off or one shot..............it would only run once and needed some additional code to open the image file and collect the payload etc. That is the only one that I am aware of.

    As already noted, anything that can run a macro can run a virus, so that includes Word, Access, Excel and Powerpoint.

    So far .txt files can't run anything if they are genuine and you open them in a programming text editor like notepad, vi etc. That is what I do to examine suspicious files, just make a copy as a .txt file and open it in notepad...............if there is an embedded executable it won't run.

    Interestingly, I was sent a trojan to examine and tried to open it as a .txt file.........EZArmour would not let me............spotted what it was straight away, yet AVG ignored it..........until I converted it into a .exe

    Both AVs would have protected my system, but it is interesting to see the way they work. My conclusion would be that if you can write a virus that will execute from a .txt file then AVG would let it through at present, EZArmour might catch it on heuristics?

    There is (or was) a potential flaw in the NTFS file system that would allow you to "attach" something nasty to any file..............I remember doing it once as a proof of concept, but cannot remember the exact details............I think that the problem was getting it to run afterwards..............a similar situation to the graphics virus I mentioned? It was put up as a huge potential security flaw at the time, but I have not seen anything since that could actually use it?

    Cheers

  5. #15
    I forgot to say that I am using Linux. and I think when I compiled the Kernel I saw some exec files types, 3 types.
    Suppose every files I get I chmod to suppose 555 (RW) will it be OK? as It won't be an executable file.

    My problem is, that I will be receiving uploads, and I want to have some precaution to avoid virus., is there any good anti-virus in Linux? and I wanted to the extensions that I can just ignore.
    You are what you have conquered not what you have!

  6. #16
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I have just received my deluxe Lindows stuff. It has VirusSafe from CentralCommand (I think that it is free for private use if you download it) You might like to take a look at their site..........as I recall you have to click on products on the left side and select the free downloads from the drop-down menu?

    Cheers

  7. #17
    ok which other?, I know that plain files are. is PDF safe? which others can I accept? If I download a viri and chmod to 000 can it infect me?
    You are what you have conquered not what you have!

  8. #18
    then it would have 2 extensions: virus.exe.txt
    virus.txt.exe you mean. So by hiding extensions you see virus.txt...

    -Cheers-

  9. #19
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Hiding information in files is nothing new, in fact, organized crime and terrorist groups have been doing it for years. However, the hidden content is not being interpreted (like a PERL script) or compiled and executed (like C code). Information (text) is hidden inside the JPG file *without* multiple suffixes (txt.jpg). This technique is called steganography and all you need to view these special files is a browser capable of seeing the hidden text. The cDc makes a browser called Camera Shy. It works just like any other browser only it can see the hidden content.

    http://www.cultdeadcow.com/details.php3?listing_id=431

    Keep an ear to the pavement for any papers on the subject of new virus vectors, but for now I'd concentrate on the 10,000 other things that are already harmful.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #20
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Nihil:

    you to "attach" something nasty to any file..............
    They are called alternate data streams and they exist. It's not a flaw per se but it is exploitable with some imagination. It was created for compatibility with MAC files but there don't appear to be any plans to incorporate it in any upcoming FS. Quoting from here :-

    NTFS Streams - What you should know!

    If you have Windows NT 3.1, 3.5, 3.51, 4.0, Windows 2000 and Windows XP and use NTFS, then your system supports Alternate Data Streams.

    What is an Alternate Data Stream? Simply put, it's the ability to hide data behind a file, such as text, graphics or executable code (games, trojans, etc).

    For example: You could have a small text file (hello.txt of say 1k in size) - however, attached to it is an executable program that is 5 megs in size. When you do a directory listing (look for files on your pc), the system will show you a small 1k text file without revealing the 5 meg file.

    Malicious users take advantage of this by storing a virus or trojan on your system. Employees can abuse this by hiding graphics or data behind text files, etc
    Do a search for "NTFS alternate data streams" in google and there's a bunch of info about how to create, view and manipulate them.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
