hah! vindication...


stolen from a securityfocus piece I read:

Most virus researchers agreed with Alcopaul's assessment of the infection technique, and say some early reports overstated the importance of Perrun.

"I think it's all pretty lame. It can't execute without the helper app," said Roger Thompson, malicious code analyst for ICSA Labs. The virus's primary payload consists of a change to the infected system's registry such that Extrk.exe is configured to open all JPEG files by default, he said.

Well, they do exist at least... I remember seeing something about how Irfanview (my favorite "free" Windows graphics viewer) could be hax0r3d by a malformed Photoshop file.

Ah yes... here we go...

http://www.securiteam.com/exploits/3A5Q2QKQ0U.html

Version 3.07

Granted, not the kind of thing everyone does... and it isn't anything more than shell code and a buffer overflow (*yawn*), but this kinda stuff is out there.

This is just as bogus as I thought it would be... of course instructions can be stored in any friggin format you want. That's all this is, a payload stored in a file (that does corrupt the file, from what I can see, not impressive) The code is then extracted by another interpretor of sorts; you guessed it, another attachment virus... hell, I could do this with basica

I thought this was an eploit of graphics viewing code that executed other code arbitrarilly(sp?), what a dissapointment.. another reason news people should be shot

Sometimes the user needs protection from the AV software too... With some viruses (MS Word Macro for example) manual disinfection was fairly trivial most of the time. You lose you macros, but that is it.. One company I worked at, had been infected with a completely harmless, but existant macro virus 6 months before they noticed it. When the definition files were updated, the A/V software gave them no choice... it just deleted the file. 6 months of changes to a 90 page user manual down the drain...

Viruses in any file

From article's I have read over the last year I beleive that any file can contain a virus. Adobe Acrobat files(pdf) were thought to be virus proof until earlier this year when someone showed a way to make recent versions of adobe launch embedded aplications. Even plain text ascii files can include a virus. If anyone would care to dispute this I would be interested.
On a side note, It is my personal opinion that an AV program can only protect a user from him or herself. most of the virii that av programs protect you from a user has to download or opened(email) by a user. A very few viruses can acutally get to your computer on it's own and infect your computer without you actually doing anything to help it. I am aware that there are a few(code red and the like), but those could have been stopped by applying the appropriate security patches as released by Microsoft months before the launching of those viruses(let's not start a MS debate here, I don;t have the time or energy to think about where I stand on that today)

any thoughts?

simple3

and

http://story.news.yahoo.com/news?tmp...h_viruses_dc_1

http://story.news.yahoo.com/news?tmp...3/tc_zd/935766