Can a program infect you BEFORE you open it?

twiztidsinz

Originality said:
To use an example, pictures passed over IM applications were enough to spread worms. The stories I could tell dealing with teenagers and their IM worms...
And that involved the Direct Connect feature which automatically displayed the picture (WHICH IS EXECUTION OF CODE!)
Torrents do not work that way. The code you download does not get executed until you run the file yourself.
 

Wizerzak

Urza said:
Aijelsop said:
I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.
https://www.microsoft.com/security_essentials/

I love how that site shows up as https in Chrome
 

Originality

There are a few more examples of pictures infected with viruses that I came across in school. Some were just adaptations from IM worms (you open the picture file, and you get infected), but I have come across a couple that were imbedded in websites. Looking at the website that contained the infected picture would cause browsers to become infected (there were no hidden scripts or files in the sites, just the infected picture/s) and, in those cases, it would start a series of hijacking and downloading attempts to take over the browser.

I've also come across one case of MP3s that contained viruses. I heard they were very popular for a while, towards the early growth of the MP3 player trend (before the iPod made them a must-have accessory), but after people caught on the only stories I heard were from infected files spread through torrent sites trying to dislodge music piracy.

There are many ways to get a virus onto a computer - the coders have the luxury to be much more creative than the AV companies. The lazy ones would just try and find ways to trick people/programs into executing the files, whilst the more adventurous ones would find ways to get it done automatically, or even directly. That's one of the reasons why good active guards/scanning/firewalls have become an important feature in AV suites.
 

Wizerzak


twiztidsinz

whoomph said:
twiztidsinz said:
Also, Eugene Kaspersky is a prick (I wish I still had the article).
http://blogs.computerworld.com/14940/eugen...o_net_anonymity This article?
KGB - Still watching you
In Soviet Russia, Web browse You!


@Wizzerzak: Awesome.


@Originality: And those images embedded in the webpage were 1) executed, 2) injected through a compromised site (or on a site intentionally spreading the virus), 3) based on browser vulnerabilities -- exactly as I said before.
NEVER heard of a virus in an MP3 and I've been using MP3s and other digital audio formats since Winamp was still on v0.92 (early '97). I've heard of 'viruses' that find MP3s and corrupt them, overwrite them or otherwise make them unusable, and I've heard of viruses that are named .MP3 but aren't actually MP3s and don't play/work in MP3 players.
 

Sephi

SoulSnatcher said:
Wizzerzak said:
Urza said:
Aijelsop said:
I only have Avira free. I seriously can't afford to buy a good one.

Lol, I could torrent it, but nah... Not safe.
https://www.microsoft.com/security_essentials/

I love how that site shows up as https in Chrome
All that means is you're browsing with an invalid SSL certificate.

It's not like Google's hating on Microsoft's site, though that would be amusing if true.
 

Urza

twiztidsinz said:
@Originality: And those images embedded in the webpage were 1) executed, 2) injected through a compromised site (or on a site intentionally spreading the virus), 3) based on browser vulnerabilities -- exactly as I said before.
NEVER heard of a virus in an MP3 and I've been using MP3s and other digital audio formats since Winamp was still on v0.92 (early '97). I've heard of 'viruses' that find MP3s and corrupt them, overwrite them or otherwise make them unusable, and I've heard of viruses that are named .MP3 but aren't actually MP3s and don't play/work in MP3 players.
Your ignorance and lack of reading comprehension is astounding.
 

FAST6191

Some further reading
http://www.youtube.com/watch?v=54XYqsf4JEY (it covers a lot of the concepts behind embedding things within other formats)
http://www.theregister.co.uk/2010/07/30/em...icrosoft_patch/
http://www.ustream.tv/recorded/5167328 (not strictly related again but worth seeing as it forms the basis for a fair bit)
http://www.youtube.com/watch?v=aAr03FSyod4&NR=1 (again not strictly related but covers a lot of good stuff)
I have not seen any in a while but I have seen some hacks against AV scanners (overflowing them) which is always amusing.

As mentioned, though, the hit rate from people actually saying yes to things running is usually a better bet than an exploit that can be patched for more long-term goals.

@twiztidsinz decoding/reading is anything but executing. See various file system permissions on various systems (read, write, execute). Certainly if I load my picture of choice in a DSi or something that has picture abilities I cannot be said to have run homebrew. Certainly attacks on image libraries have been the basis for several attacks over the years but simply loading an image is not considered as such.
 

Originality

QUOTE said:
I have not seen any in a while but I have seen some hacks against AV scanners (overflowing them) which is always amusing.

A long time ago I came across a rather fun virus classed as "anti scanware". As soon as it detected a scanning algorithm running, it would release a series of countermeasures to preserve its "core". The interesting thing was how it pretty much mimicked several of the "ninja" moves shown in Japanese anime/games, including the famous 3 (replication, substitution and transformation/camouflage). An adapted version would do the same if you even tried to look directly at the folder in which it was located, making it harder to track down.

It's not as effective as "counter scanware", which actively attacks AV suites. If they can't hijack the AV software, it'll at least try and negate the effectiveness of scans or even block them loading in the first place.
 

FAST6191

Unless I am mistaken in reading your post I see that to this day (some of the latest variants of the scam AV (this thing was nasty and ten steps beyond the earlier scam AV programs but that is for a different thread) programs are great fans of this - indeed even managing to dodge rkill by "crashing" before it had time to initialise*).

I was thinking more that as the AV program scanned through the file the .text section or something would be oddly sized and this caused an overflow in the AV program which in turn provided the execution method as per more conventional overflows.

*to the one that would ask did you rename it - most of my anti nastyware programs are named for common Windows components.
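
The bounds check whose absence makes the "oddly sized .text section" scenario above possible, as an added example that is not part of the thread: a scanner-side routine that reads a PE section header and refuses to copy when the declared size or offset does not fit the file or its own buffer. `copy_section`, `try_sample` and the 48-byte sample file are constructed for illustration; the field offsets follow the standard 40-byte PE section header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTION_HDR_LEN 40u /* size of one PE section header */

/* Read a little-endian 32-bit field without assuming alignment. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy one section's raw bytes into dst. Returns bytes copied, or -1 when
 * the offset/size declared in the header cannot be trusted. */
long copy_section(const uint8_t *file, size_t file_len, size_t hdr_off,
                  uint8_t *dst, size_t dst_cap) {
    /* The header itself must lie inside the file. */
    if (hdr_off > file_len || file_len - hdr_off < SECTION_HDR_LEN)
        return -1;
    uint32_t raw_size = rd32(file + hdr_off + 16); /* SizeOfRawData */
    uint32_t raw_off = rd32(file + hdr_off + 20);  /* PointerToRawData */
    /* Compare by subtraction so raw_off + raw_size can never wrap. */
    if (raw_off > file_len || raw_size > file_len - raw_off)
        return -1;
    /* The file's claim must also fit the scanner's own buffer. */
    if (raw_size > dst_cap)
        return -1;
    memcpy(dst, file + raw_off, raw_size);
    return (long)raw_size;
}

/* Constructed sample: a 40-byte ".text" header followed by 8 data bytes. */
long try_sample(uint32_t raw_size, uint32_t raw_off, size_t dst_cap) {
    uint8_t file[48] = {0}, dst[16];
    memcpy(file, ".text", 5);
    for (int i = 0; i < 4; i++) {
        file[16 + i] = (uint8_t)(raw_size >> (8 * i));
        file[20 + i] = (uint8_t)(raw_off >> (8 * i));
    }
    memset(file + 40, 0xAA, 8);
    if (dst_cap > sizeof dst) dst_cap = sizeof dst;
    return copy_section(file, sizeof file, 0, dst, dst_cap);
}

int main(void) {
    printf("honest header: %ld\n", try_sample(8, 40, 16));
    printf("oversized .text: %ld\n", try_sample(0xFFFFFFF0u, 40, 16));
    return 0;
}
```

A parser that passes `SizeOfRawData` straight to `memcpy` is trusting a number the file's author chose, which is why reading a file can turn into running it when the reader has this kind of bug.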
 
