
Thread: Infection

  1. #1
    Junior Member rock_bill's Avatar
    Join Date
    Jul 2006
    Posts
    20

    Infection

    Why and How files other than .exe can infect any computer???????

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Why and How files other than .exe can infect any computer???????

    Hello Bill, old chap...........I will guess your location to be close to Mumbai? (profile )

    Your answer is that other files execute? like .com, .bat, .reg, and so on?

    That is where your vulnerabilities lie?


  3. #3
    Junior Member rock_bill's Avatar
    Join Date
    Jul 2006
    Posts
    20
    Hello Bill, old chap...........I will guess your location to be close to Mumbai? (profile )

    Your answer is that other files execute? like .com, .bat, .reg, and so on?

    That is where your vulnerabilities lie?


    Well Dear, you guessed right, I'm from India, but your guessed location is very far from me.......
    Just guess more for my location
    OK, these executables (like .com, .bat, .reg, and so on) work, but how does .hqx (well, I got this in an e-mail attachment) work????

  4. #4
    Senior Member
    Join Date
    Feb 2005
    Posts
    188
    Just a quick google !

    http://www.fileinfo.net/extension/hqx

    File Type
    BinHex 4.0 Encoded File

    File Description
    Macintosh file compressed and encoded into 7-bit text; helps maintain file integrity for downloads by combining the data fork and resource fork into a single archive

    Are you on Mac ?
    "The Smilie Wars" ... just arrived after the great crusades

    .... computers come to the rescue .... ah technology at last has some use.

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    You don't need to be on a Mac to open a HQX file. WinZip opens those up.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head

  6. #6
    Senior Member treanglin's Avatar
    Join Date
    Dec 2003
    Posts
    111
    The way I understand things....

    Any file that can be opened, whether it's via another application (i.e. a picture file, an audio file, an office document file) or a plain old executable file has the potential to infect your computer.

    I don't think I'm technically versed enough to explain how and why files other than exe etc. files can infect your computer but I'll take a stab at it.

    (Inhales)

    Never mind.

    What I do know, however, is that "specially crafted" files can exploit an unthought-of way that a program interprets them, to be able to do things via the program that can end up leading to your computer being infected.

    ^
    | That sounds really messy to me, but I hope you understand it, or that someone can clear it up for you.

    One of my favorite examples of this is the JPEG exploit that came out in '04:

    http://www.microsoft.com/technet/sec.../MS04-028.mspx

    There are countless other examples of this but that's just my favorite.



    Oh yeah, and read up on Buffer Overflows...It's heavy stuff, so be ready dude. If you understand that stuff, your question will be answered for sure.
    "Do you know why the system is slow?" they ask

    "It's probably something to do with..." I look up today's excuse ".. clock speed"
    -BOFH

  7. #7
    Junior Member
    Join Date
    Aug 2006
    Posts
    3
    Treanglin, you're right for the most part, that being the part about files being crafted specifically to make use of a vulnerability.

    Another prime example is the WMF exploit (my favorite) for Windows Meta Files, which is a lot like the JPEG exploit.

    There are a lot of files that can be executed as soon as they are opened, but these are usually dictated by what registered file types you have in your registry and if those file types make use of an application to open them or if they use the kernel to open them.

    For example, let's say that someone emails you a .bat file, which by default is executed by the kernel or by cmd.exe, and you had to open it, it would execute immediately, whereas if you configured the registered file type dealing with .bat files to use notepad to open it, then it would be totally harmless and open in notepad to display its contents.

    Which is much the same if you had to save the file to disk and then manually open it with notepad.

    rock_bill, as for your original question, as I have said above, it all depends on what registered file types you have and what applications they are configured to use to open/execute the file.

    I do not recommend messing around in the registry unless you have done a little research on what you want to change, but if you would like to see what your registered file types are and what they do you can get a complete list in the HKEY_CLASSES_ROOT section of your registry.

    The format is first to list the .filename and then to reference its type, i.e. .exe has a default value of 'exefile', which is then referenced further down under the 'exefile' key, which defines its handling.

    Similarly for .bat files, if you look under the 'batfile' key you will see a subkey called 'open' which defines the parameters for opening the file, as you can see it does not reference any application, but merely ""%1" %*" which basically uses the kernel to open the file (the "%1" bit) with additional options (the %* bit).

    If you wanted to change it so that batch files would be opened in notepad instead of running the app, then you would need to change it to something like what you will find in the 'edit' key, but this will of course prevent any batch file from being run, as any attempt to run a .bat file would just open it in notepad. A bit of a catch 22 hehehehe

    Anyway, I know this is plenty of arbitrary info, but you might find it useful or appreciate a bit of background info on the matter of what can be run and how it is run on a windows system.

    And in case anyone is wondering, there have been a fair couple of viruses that make use of this and replace themselves as the default application for opening various known file types; they're just annoying and way outdated.
    Sanity is the trademark of a weak mind
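
The extension -> file type -> 'open' command lookup described in post #7, as an added example that is not part of the original thread. It parses a constructed .reg-style export (the sample keys, including the `hqxarchive` type name, are made up for illustration) and reports, for each extension, whether opening a file runs the file itself or hands it to an application.

```python
import re
# Constructed sample in .reg export style; not taken from a real machine.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\.bat]
@="batfile"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\edit\command]
@="notepad.exe \"%1\""
[HKEY_CLASSES_ROOT\.txt]
@="txtfile"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="notepad.exe \"%1\""
[HKEY_CLASSES_ROOT\.hqx]
@="hqxarchive"
'''

def parse_reg(text):
    """Return {key_path: default_value} for every key in the export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, None)
        elif current and line.startswith('@="') and line.endswith('"'):
            # Undo the .reg escaping of quotes and backslashes.
            keys[current] = re.sub(r'\\(["\\])', r'\1', line[3:-1])
    return keys

def open_behaviour(keys, ext, root="HKEY_CLASSES_ROOT"):
    """Classify what opening a file with this extension does."""
    progid = keys.get(f"{root}\\{ext}")
    if not progid:
        return "unregistered"
    command = keys.get(f"{root}\\{progid}\\shell\\open\\command")
    if not command:
        return "no open verb"
    # A command that begins with the file's own path ("%1") runs the file.
    if command.lstrip().lstrip('"').startswith("%1"):
        return "runs the file"
    return "handed to: " + command

def audit(text, extensions):
    keys = parse_reg(text)
    return {ext: open_behaviour(keys, ext) for ext in extensions}

if __name__ == "__main__":
    print(audit(SAMPLE_REG, [".bat", ".txt", ".hqx", ".xyz"]))
```

To audit a real machine, feed it the text of an export of HKEY_CLASSES_ROOT instead of the sample; extensions reported as "runs the file" are the ones where a double-click on an attachment executes it.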

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey, Bill old chap...............

    Please excuse my ignorance of Indian geography and the related linguistics


    I will now close in on you my friend?

    Madhya Pradesh?

    Closer?

    Please remember that I cannot hear you speak...........I can only guess from idioms?

  9. #9
    Junior Member rock_bill's Avatar
    Join Date
    Jul 2006
    Posts
    20
    Hey, Bill old chap...............

    Please excuse my ignorance of Indian geography and the related linguistics


    I will now close in on you my friend?

    Madhya Pradesh?

    Closer?

    Please remember that I cannot hear you speak...........I can only guess from idioms?
    You are now near to me.......

    Some more guesses might bring you to my location.....

  10. #10
    Junior Member rock_bill's Avatar
    Join Date
    Jul 2006
    Posts
    20

    Are you on Mac ?

    I am not on Mac but using Windows XP; I have got an attachment in my mail.
