Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
quietman7 Warrior Addict

Joined: 20 Dec 2004 Last Visit: 28 Mar 2012 Posts: 768 Location: Virginia, USA
|
Posted: Mon Oct 23, 2006 8:18 am Post subject: The Ten Most Dangerous Things Users Do Online |
|
|
| Quote: |
...The following is our list of "The Ten Most Dangerous Things Users Do Online," along with some explanation of the risks -- and solutions -- associated with each...
1. Clicking on email attachments from unknown senders
2. Installing unauthorized applications
3. Turning off or disabling automated security tools
4. Opening HTML or plain-text messages from unknown senders
5. Surfing gambling, porn, or other legally-risky Websites
6. Giving out passwords, tokens, or smart cards
7. Random surfing of unknown, untrusted Websites
8. Attaching to an unknown, untrustworthy WiFi network
9. Filling out Web scripts, forms, or registration pages
10. Participating in chat rooms or social networking sites |
darkreading.com _________________ Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators |
Erikalbert Warrior
Joined: 10 Aug 2006 Last Visit: 05 Jul 2007 Posts: 219
|
Posted: Wed Oct 25, 2006 10:27 pm Post subject: Re: The Ten Most Dangerous Things Users Do Online |
|
|
| quietman7 wrote: |
| Quote: |
...The following is our list of "The Ten Most Dangerous Things Users Do Online," along with some explanation of the risks -- and solutions -- associated with each...
4. Opening HTML or plain-text messages from unknown senders
|
Just wondering what's so dangerous about opening plain-text messages? |
Gary R Moderator

Joined: 03 May 2005 Last Visit: 19 Jun 2013 Posts: 9710 Location: Yorkshire
|
Posted: Wed Oct 25, 2006 11:08 pm Post subject: |
|
|
| Quote: |
| Just wondering what's so dangerous about opening plain-text messages? |
You voice my thoughts also. _________________ Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
quietman7 Warrior Addict

Joined: 20 Dec 2004 Last Visit: 28 Mar 2012 Posts: 768 Location: Virginia, USA
|
Posted: Thu Oct 26, 2006 3:52 am Post subject: |
|
|
| Quote: |
| HTML text -- and increasingly, images -- can be infected with spyware, and in some cases, executable code...embedding shell code...HTML files may contain Java Scripts, ActiveX controls, or macros that can allow an attacker to gain control of a PC or turn into a botnet zombie... |
_________________ Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators |
Gary R Moderator

Joined: 03 May 2005 Last Visit: 19 Jun 2013 Posts: 9710 Location: Yorkshire
|
Posted: Thu Oct 26, 2006 4:58 am Post subject: |
|
|
| quietman7 wrote: |
| Quote: |
| HTML text -- and increasingly, images -- can be infected with spyware, and in some cases, executable code...embedding shell code...HTML files may contain Java Scripts, ActiveX controls, or macros that can allow an attacker to gain control of a PC or turn into a botnet zombie... |
|
Admittedly you can embed malicious code in an HTML e-mail, but AFAIK it's not possible in a plain text document, which is the point we were making. _________________ Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
quietman7 Warrior Addict

Joined: 20 Dec 2004 Last Visit: 28 Mar 2012 Posts: 768 Location: Virginia, USA
|
Posted: Thu Oct 26, 2006 9:20 am Post subject: |
|
|
I can't speak for the writers but they probably were thinking about an e-mail message in HTML format or as a plain text message with an attached HTML file. The article appears to have been written for novice users and the author(s) did not go into a lot of detail or specific explanations. _________________ Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators |
Erikalbert Warrior
Joined: 10 Aug 2006 Last Visit: 05 Jul 2007 Posts: 219
|
Posted: Fri Oct 27, 2006 11:22 am Post subject: |
|
|
Why is it dangerous to open txt files?
Rutkowska says
| Quote: |
| Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file. |
http://www.eweek.com/article2/0,1895,2040760,00.asp
 |
Gary R Moderator

Joined: 03 May 2005 Last Visit: 19 Jun 2013 Posts: 9710 Location: Yorkshire
|
Posted: Sat Oct 28, 2006 12:19 am Post subject: |
|
|
| Erikalbert wrote: |
Why is it dangerous to open txt files?
Rutkowska says
| Quote: |
| Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file. |
http://www.eweek.com/article2/0,1895,2040760,00.asp
 |
In which case it seems the infection vector is the readme file, not the txt e-mail.
Interesting article though. _________________ Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |
Bobbi Flekman Malware Expert
Joined: 06 Mar 2005 Last Visit: 28 May 2010 Posts: 83 Location: Midian
|
Posted: Sat Oct 28, 2006 12:38 am Post subject: |
|
|
| Erikalbert wrote: |
Why is it dangerous to open txt files?
Rutkowska says
| Quote: |
| Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file. |
http://www.eweek.com/article2/0,1895,2040760,00.asp
 |
That means it still has to happen. So it is only possibly dangerous to open .txt files. Still this doesn't mean the .txt file itself is dangerous. As long as .txt is not interpreted by something, it cannot be executed, and opening a .txt file in an editor like Notepad does nothing unless the system is already compromised. Which still means that the .txt file is not the infector.
Do you ban the entire Internet because someone finds it necessary to put spyware on it? Is every Myspace user a pedophile because there is one on it?
I do like the idea of the System Virginity Verifier though. Downloaded the source and will be playing with it. _________________ [url="http://www.uniteagainstmalware.com/forums/"] [/url] |
hornet777 Warrior Guru

Joined: 28 Oct 2005 Last Visit: 20 Oct 2009 Posts: 458
|
Posted: Sat Oct 28, 2006 4:00 am Post subject: |
|
|
I took what Rutkowska said in that regard to mean that the application that is used to open the text file is compromised, which leads to system compromise. All three items are thus related: the application wouldn't be compromised were it not for a crafted data file that is opened by it, and likewise for the system that is compromised as a result of this. Nothing was inferred of necessity about the safety of text files in general, although with a caveat. Is this how others understood it?
Seems to me that her words in general were a warning of an impending crisis that will threaten to bring about drastic changes in computers, and the industry that brings them about -- not many of which will set well with either the industry or the consumers of their products, at least as long as memory of "what used to be" remains... I think she is right to be very wary of virtualisation techniques; getting away from the hardware is a BIG mistake, for therein lies the saving grace. (sorry for OT; thanks for listening). |
Erikalbert Warrior
Joined: 10 Aug 2006 Last Visit: 05 Jul 2007 Posts: 219
|
Posted: Tue Oct 31, 2006 9:50 am Post subject: |
|
|
| Bobbi Flekman wrote: |
That means it still has to happen. So it is only possibly dangerous to open .txt files.
|
Yes, it's just a hypothetical.
| Quote: |
Still this doesn't mean the .txt file itself is dangerous. As long as .txt is not interpreted by something, it cannot be executed, and opening a .txt file in an editor like Notepad does nothing unless the system is already compromised.
|
Opening a text file in notepad does nothing normally yes, but if there is a buffer overflow bug no one knows about.....
| Quote: |
| Which still means that the .txt file is not the infector. |
With all due respect to your expert tag, I don't quite agree.
My understanding is that if a specially crafted text file can cause a buffer overflow in your text editor the moment you open it with your text editor, then all bets are off, and it would be possible in theory for the text file to inject some attack code that would be normally harmless lines in a text file.
In that case the text file would definitely be the infector, though it would need probably to download more parts from the net to establish a perm presence.
Paranoid? Of course.
But I wasn't serious anyway, but apparently Joanna worries a little (at least) about such threats.
| Quote: |
I do like the idea of the System Virginity Verifier though. Downloaded the source and will be playing with it. |
It will work better on my vista.  |
Bobbi Flekman Malware Expert
Joined: 06 Mar 2005 Last Visit: 28 May 2010 Posts: 83 Location: Midian
|
Posted: Tue Oct 31, 2006 11:44 pm Post subject: |
|
|
| Erikalbert wrote: |
My understanding is that if a specially crafted text file can cause a buffer overflow in your text editor the moment you open it with your text editor, then all bets are off, and it would be possible in theory for the text file to inject some attack code that would be normally harmless lines in a text file.
In that case the text file would definitely be the infector, though it would need probably to download more parts from the net to establish a perm presence. |
A text file has nothing in it that is executable, unless the program itself interprets the text and acts on it. Textfiles are opened by Notepad (by default). That does not interpret anything, just loads it as a datafile. If it did interpret the contents, we would have had fun a long long time ago as batchfiles are created in Notepad as well.
If Notepad interprets and executes stuff that would mean it has been compromised before. Then the textfile is not the infector.
As far as the buffer overflow is concerned, Notepad has a certain buffer size that it will fill. If the file is too large for memory it will complain that it is too big and offer to open Wordpad. Wordpad fills its buffer and ignores the rest of the file, until you move out of the buffered region. At that moment memory will be refreshed with the new part that should be in memory.
Until you, or anyone else, can give me a working example I simply cannot believe that a textfile will be an infector. _________________ [url="http://www.uniteagainstmalware.com/forums/"] [/url] |
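The disagreement in the posts above comes down to whether the program opening the file bounds its copy into a fixed buffer. As an added illustration (not code from this thread or from any real editor; `LINE_CAP`, `overrun_bytes` and `load_line_checked` are hypothetical names and the inputs are constructed), this C sketch measures what an unbounded "copy until newline" loop would overrun and shows a loader that refuses over-long lines instead:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_CAP 64  /* hypothetical fixed line buffer of a toy text viewer */

/* Length of the first line in data[0..len), excluding the newline. */
static size_t first_line_len(const char *data, size_t len)
{
    const char *nl = memchr(data, '\n', len);
    return nl ? (size_t)(nl - data) : len;
}

/* Bytes an unbounded copy would write past a LINE_CAP buffer, terminator
 * included. Nothing is copied; this only measures the overrun. */
size_t overrun_bytes(const char *data, size_t len)
{
    size_t need = first_line_len(data, len) + 1;   /* +1 for '\0' */
    return need > LINE_CAP ? need - LINE_CAP : 0;
}

/* Bounded loader: copies the first line into out[cap] only if it fits.
 * Returns the line length, or -1 if it does not fit or out is unusable. */
long load_line_checked(const char *data, size_t len, char *out, size_t cap)
{
    if (out == NULL || cap == 0)
        return -1;
    size_t n = first_line_len(data, len);
    if (n >= cap) {          /* no room for line plus terminator: refuse */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, data, n);
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    char buf[LINE_CAP], big[200];
    const char ok[] = "README: hello\nsecond line\n";   /* constructed sample */
    memset(big, 'A', sizeof big);                        /* constructed long line */
    printf("ok:  overrun=%zu checked=%ld\n", overrun_bytes(ok, sizeof ok - 1),
           load_line_checked(ok, sizeof ok - 1, buf, sizeof buf));
    printf("big: overrun=%zu checked=%ld\n", overrun_bytes(big, sizeof big),
           load_line_checked(big, sizeof big, buf, sizeof buf));
    return 0;
}
```

The file contents are plain bytes in both cases; only the loader's length check decides whether they stay inside the buffer.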
Erikalbert Warrior
Joined: 10 Aug 2006 Last Visit: 05 Jul 2007 Posts: 219
|
Posted: Thu Nov 02, 2006 2:04 am Post subject: |
|
|
| Bobbi Flekman wrote: |
If Notepad interprets and executes stuff that would mean it has been compromised before. Then the textfile is not the infector.
|
I guess we are arguing semantics here. If there is a flaw in the interpreter that causes a compromise by seemly reading a readme file ... (which is what Joanna says by "embedding a....." there is nothing about being 'compromised before')
We can argue over whether the text file really is or is not the infector but bottom line it means opening a text file could be dangerous.
Far out threat yes, but Joanna seems to think it is worth mentioning. I think she's nuts personally and way too paranoid, but she has more expertise in the area than me, and most probably you, so if she thinks it's worth mentioning what can I say? You can take it up with her if you are unhappy, I'm just reporting what she said.
| Quote: |
As far as the buffer overflow is concerned, Notepad has a certain buffer size that it will fill. If the file is too large for memory it will complain that it is too big and offer to open Wordpad. Wordpad fills its buffer and ignores the rest of the file, until you move out of the buffered region. At that moment memory will be refreshed with the new part that should be in memory.
|
In theory yes.
| Quote: |
Until you, or anyone else, can give me a working example I simply cannot believe that a textfile will be an infector. |
Well if I have a working example, I wouldn't share it with you lol. It would be the most valuable secret out there man.
Anyway, I don't know how this developed into me saying that opening text files is dangerous. I'm the guy who originally questioned it! |
Erikalbert Warrior
Joined: 10 Aug 2006 Last Visit: 05 Jul 2007 Posts: 219
|
Posted: Thu Nov 02, 2006 2:06 am Post subject: |
|
|
| Gary R wrote: |
| Erikalbert wrote: |
Why is it dangerous to open txt files?
Rutkowska says
| Quote: |
| Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file. |
http://www.eweek.com/article2/0,1895,2040760,00.asp
 |
In which case it seems the infection vector is the readme file, not the txt e-mail.
Interesting article though. |
If it's the readme file, it could easily be the txt email as well... |
Bobbi Flekman Malware Expert
Joined: 06 Mar 2005 Last Visit: 28 May 2010 Posts: 83 Location: Midian
|
Posted: Thu Nov 02, 2006 2:28 am Post subject: |
|
|
| Erikalbert wrote: |
I guess we are arguing semantics here. If there is a flaw in the interpreter that causes a compromise by seemly reading a readme file ... (which is what Joanna says by "embedding a....." there is nothing about being 'compromised before')
We can argue over whether the text file really is or is not the infector but bottom line it means opening a text file could be dangerous. |
I agree. It all depends on the term infector. In my eyes the file is not the infector. If Notepad (or whatever opens it) is infected then the textfile is a threat. I suggest we let it drop, since we're both on the same side after all. That is: we think this is not much of a threat.
| Quote: |
| Well if I have a working example, I wouldn't share it with you lol. It would be the most valuable secret out there man. |
Spoilsport!  _________________ [url="http://www.uniteagainstmalware.com/forums/"] [/url] |
Gary R Moderator

Joined: 03 May 2005 Last Visit: 19 Jun 2013 Posts: 9710 Location: Yorkshire
|
Posted: Thu Nov 02, 2006 6:59 am Post subject: |
|
|
| Erikalbert wrote: |
| Gary R wrote: |
| Erikalbert wrote: |
Why is it dangerous to open txt files?
Rutkowska says
| Quote: |
| Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file. |
http://www.eweek.com/article2/0,1895,2040760,00.asp
 |
In which case it seems the infection vector is the readme file, not the txt e-mail.
Interesting article though. |
If it's the readme file, it could easily be the txt email as well... |
I think Bobbi has already made my point far more eloquently than I could have, as far as I'm concerned this debate is over. _________________ Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations |