On 13/04/12 00:26, David H. Lipman wrote:
From: "Micah Cowan" <address@hidden>
On 04/12/2012 03:13 PM, David H. Lipman wrote:
I am downloading deliberately malware such that a download won't be
called
"ActiveX-Patch" but will be called "flv_codec_pack_112_full.exe" as
the server intended.
But please, tell me the risks.
And how about a server that calls its malware ".bashrc"?
Since it is a non standard named file, I will open it in FileInsight
and examine the binary. If I don't recognize its format, I'll run the
TrID plug-in and detrrmine its format. I will treat the file
accordingly.
.bashrc is the name of a file executed automatically by bash(1) on
startup if present in the home folder. As such, that can lead to code
execution.
If you're downloading the files interactively, so you could detect
any
filename which would be automatically run by another program, you
should
be safe. Alternatively, not downloading into the home folder
(which is
common both for running commands and for those config files),
usually
avoids that, too.
See the CVE entry for more details.
PS:
There might be additional sources from unexpected execution, such as
a
pdf vulnerability being run by the pdf thumbnail viewer on the GUI...