Date: 23/03/2017 00:33:32
From: mollwollfumble
ID: 1041500
Subject: Malware?

Viruses and Trojan horses. What is and isn’t safe these days?

It used to be said that Unix was safe from viruses, ditto files with suffix pdf and jpg. But that Windows Word and Excel files, and HTML files were unsafe.

Since then, I’ve heard about a virus in Unix (can’t remember who from) and the latest Cyberwars episode mentioned Trojan horses in pdf and jpg files. On the other hand, Excel file xlsx can’t contain macros, only xlsm can. Ditto docx and docm, perhaps Word and Excel are safe again.

Date: 23/03/2017 00:51:03
From: Tamb
ID: 1041505
Subject: re: Malware?

mollwollfumble said:


Viruses and Trojan horses. What is and isn’t safe these days?

It used to be said that Unix was safe from viruses, ditto files with suffix pdf and jpg. But that Windows Word and Excel files, and HTML files were unsafe.

Since then, I’ve heard about a virus in Unix (can’t remember who from) and the latest Cyberwars episode mentioned Trojan horses in pdf and jpg files. On the other hand, Excel file xlsx can’t contain macros, only xlsm can. Ditto docx and docm, perhaps Word and Excel are safe again.

Morning all.
Even Mac has malware now.

Date: 23/03/2017 01:19:39
From: poikilotherm
ID: 1041509
Subject: re: Malware?

Macros are so noughties, but still a problem for the unwary.

Date: 23/03/2017 02:02:46
From: mollwollfumble
ID: 1041514
Subject: re: Malware?

mollwollfumble said:


Viruses and Trojan horses. What is and isn’t safe these days?

It used to be said that Unix was safe from viruses, ditto files with suffix pdf and jpg. But that Windows Word and Excel files, and HTML files were unsafe.

Since then, I’ve heard about a virus in Unix (can’t remember who from) and the latest Cyberwars episode mentioned Trojan horses in pdf and jpg files. On the other hand, Excel file xlsx can’t contain macros, only xlsm can. Ditto docx and docm, perhaps Word and Excel are safe again.

I figured the following might be the case, but had never seen it stated. According to the following, extensions that appear to be harmless aren’t.

how-hackers-can-disguise-malicious-programs-with-fake-file-extensions

File extensions can be faked – that file with an .mp3 extension may actually be an executable program. Dubbed the “Unitrix” exploit by Avast after it was used by the Unitrix malware, this method takes advantage of a special character in Unicode to reverse the order of characters in a file name, hiding the dangerous file extension in the middle of the file name and placing a harmless-looking fake file extension near the end of the file name.

The Unicode character is U+202E: Right-to-Left Override, and it forces programs to display text in reverse order. While it’s obviously useful for some purposes, it probably shouldn’t be supported in file names. For example, a filename that appears as “Awesome Song uploaded by RCS.mp3”, a harmless mp3 file, may actually be “Awesome Song uploaded by 3pm.SCR”, a dangerous screensaver file.

The most common dangerous file extensions are .exe, .bat, .cmd, .com, .lnk, .pif, .scr, .vb, .vbe, .vbs, .wsh, .jar.

For risks specifically associated with .pdf files, see what-are-the-security-risks-associated-with-pdf-files

There is the general risk associated with any type of file: that whatever application is used to read it will have a bug that can be exploited by certain byte sequences within the file, thus executing arbitrary code. PDF files can contain JavaScript (JS), what risks does that pose? Or is it well locked down for all major PDF viewers/editors (Adobe Reader, PDF-XChange, Sumatra, Foxit, Nitro, as well as the internal viewers in Firefox and Chrome)?

One PDF-specific risk is that Adobe and third-party reader extensions are supported: your PDF viewer may have extra modules loaded, or may require them to open certain documents. Examples include: Adobe LiveCycle Rights Management ES4 and Time limited PDFs for which there are commercial products. PDFs can contain attachments, though not all readers support this. These can be any type of file. PDF security features such as no-copy, no-print, no-edit are not enforced by some viewers. Files can be simultaneously PDF, native binary executable, .jar and .html by using similar “slack” in those formats. External malware could then turn the pdf into a virus.
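A defender-side check for the U+202E trick described in the post above, added here as an example that is not part of this thread: it reports the extension a user would see against the extension the file system actually uses, and flags the bidi override. The dangerous-extension list is the one the post gives; the sample file name is constructed from the post's own example.

```python
# U+202E (Right-to-Left Override, the character the post describes) plus the
# related bidi embedding/override/isolate controls; none belong in a file name.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}

# The "most common dangerous" extensions as listed in the post.
DANGEROUS_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".lnk", ".pif", ".scr",
                        ".vb", ".vbe", ".vbs", ".wsh", ".jar"}


def real_extension(name: str) -> str:
    """Extension as the file system sees it: text after the last dot, lower-cased."""
    base = name.rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[1].lower() if "." in base else ""


def displayed_name(name: str) -> str:
    """Approximate what a bidi-aware renderer shows: text after each U+202E is
    drawn reversed until a Pop Directional Formatting (U+202C) or the end."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            end = name.find("\u202c", i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1  # other controls are invisible; skip them
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def analyze_filename(name: str) -> dict:
    """Compare the extension a user would see with the one that actually runs."""
    has_bidi = any(ch in BIDI_CONTROLS for ch in name)
    real = real_extension("".join(ch for ch in name if ch not in BIDI_CONTROLS))
    shown = real_extension(displayed_name(name))
    return {
        "has_bidi_override": has_bidi,
        "displayed_extension": shown,
        "real_extension": real,
        "dangerous": real in DANGEROUS_EXTENSIONS,
        "suspicious": has_bidi or shown != real or real in DANGEROUS_EXTENSIONS,
    }


# Constructed sample built from the post's example; it renders as "...RCS.mp3".
SAMPLE = "Awesome Song uploaded by \u202e3pm.SCR"
```

The same check is useful at a mail gateway or upload handler: rejecting any name containing a bidi control removes the disguise entirely, since such characters have no legitimate place in a file name.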

Date: 23/03/2017 02:23:11
From: poikilotherm
ID: 1041516
Subject: re: Malware?

Welcome to email 101 moll.

Date: 23/03/2017 03:13:48
From: diddly-squat
ID: 1041520
Subject: re: Malware?

mollwollfumble said:


Viruses and Trojan horses. What is and isn’t safe these days?

It used to be said that Unix was safe from viruses, ditto files with suffix pdf and jpg. But that Windows Word and Excel files, and HTML files were unsafe.

Since then, I’ve heard about a virus in Unix (can’t remember who from) and the latest Cyberwars episode mentioned Trojan horses in pdf and jpg files. On the other hand, Excel file xlsx can’t contain macros, only xlsm can. Ditto docx and docm, perhaps Word and Excel are safe again.

Unix was never inherently “safe” from exploits, it’s just that the people who wrote these exploits were looking for maximum penetration and therefore it made more sense to target Windows over what was essentially a boutique operating system.

Controlled and rational behaviour around which email attachments and web sites you trust will always protect you better than any software system.

It isn’t rocket science, and luckily most users are becoming much more aware of these sorts of threats, and most service providers are much better at controlling the security of their own web sites.

Date: 23/03/2017 03:16:54
From: Cymek
ID: 1041522
Subject: re: Malware?

Most malware still seems to be done by social engineering, click on this link and the like.
It’s interesting though how professional some of it is. When a person at work got a screen pop-up telling them their computer was infected, it had a number to ring, which she did, and the guy on the other end (had an Indian accent, funnily enough) was telling her how to fix it, which was actually trying to install the real malware. It sounded like a professional call centre bar some weird cycling beep in the background. I told her to hang up when I found out she hadn’t rung our help desk.

Date: 23/03/2017 03:26:25
From: btm
ID: 1041524
Subject: re: Malware?

Unix is not, and has never been, safe from malware attack — in fact one of the first major malware attacks, The Internet Worm, targeted Unix machines specifically.

Date: 23/03/2017 03:30:12
From: poikilotherm
ID: 1041528
Subject: re: Malware?

btm said:


Unix is not, and has never been, safe from malware attack — in fact one of the first major malware attacks, The Internet Worm, targeted Unix machines specifically.

Unix is probably the best place to launch a worm, anything worth attacking uses Unix.

Date: 23/03/2017 03:31:47
From: diddly-squat
ID: 1041529
Subject: re: Malware?

poikilotherm said:


btm said:

Unix is not, and has never been, safe from malware attack — in fact one of the first major malware attacks, The Internet Worm, targeted Unix machines specifically.

Unix is probably the best place to launch a worm, anything worth attacking uses Unix.

it really depends on what you are trying to achieve…

Date: 23/03/2017 03:36:06
From: poikilotherm
ID: 1041531
Subject: re: Malware?

diddly-squat said:


poikilotherm said:

btm said:

Unix is not, and has never been, safe from malware attack — in fact one of the first major malware attacks, The Internet Worm, targeted Unix machines specifically.

Unix is probably the best place to launch a worm, anything worth attacking uses Unix.

it really depends on what you are trying to achieve…

Anything worth achieving …

Date: 23/03/2017 03:45:42
From: diddly-squat
ID: 1041534
Subject: re: Malware?

poikilotherm said:


diddly-squat said:

poikilotherm said:

Unix is probably the best place to launch a worm, anything worth attacking uses Unix.

it really depends on what you are trying to achieve…

Anything worth achieving …

There is a difference between hacking information from servers and using malware to hijack individual machines so that they can be used in a bot-net.

Date: 23/03/2017 05:23:41
From: mollwollfumble
ID: 1041585
Subject: re: Malware?

btm said:


Unix is not, and has never been, safe from malware attack — in fact one of the first major malware attacks, The Internet Worm, targeted Unix machines specifically.

I never said Unix was safe from malware attack. The infamous hacker later FBI conman (name Metznik?) wrote exclusively about hacking Unix machines. I’ve done a bit of playing around with Unix .rsh and similar files myself in the 1980s. I hadn’t heard about the Morris worm.

> Most malware still seems to be done be social engineering, click on this link and the like.

That’s not “social engineering”. Examples of “social engineering” in hacking are:

1) Pretending to be a police officer in order to make a friendly in their traffic branch so you can find the name and address of a target from their car number plate.
2) Becoming a friend of the key person who works on anti-hacking patches to obtain new vulnerabilities the moment they’re discovered before patches are written to block them.
3) Obtaining entry to an off-web secure facility by following someone in through the door when they swipe their passcard.

Social engineering is off-web.

Date: 23/03/2017 06:34:32
From: cb88
ID: 1041611
Subject: re: Malware?

mollwollfumble said:


The most common dangerous file extensions are .exe, .bat, .cmd, .com, .lnk, .pif, .scr, .vb, .vbe, .vbs, .wsh, .jar.

Yep, any file formats that specifically carry executable code (like these, and including Office files with macros) are definitely “unsafe”.

mollwollfumble said:


There is the general risk associated with any type of file: that whatever application is used to read it will have a bug that can be exploited by certain byte sequences within the file, thus executing arbitrary code.

This is the key point about “safe” files – they don’t really exist, because code without bugs doesn’t exist.

Careful with those jpgs: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libjpeg. If you’re going to have a computer on the internet, it absolutely needs to have regular security updates to patch vulnerabilities like these.

Date: 23/03/2017 06:42:04
From: cb88
ID: 1041616
Subject: re: Malware?

And don’t get me started on phones: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=stagefright

The Android ecosystem is horrifying. A huge number of Android phones (especially the cheaper ones) don’t receive updates from the manufacturer or telcos at all.

Date: 23/03/2017 06:43:33
From: poikilotherm
ID: 1041618
Subject: re: Malware?

cb88 said:


And don’t get me started on phones: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=stagefright

The Android ecosystem is horrifying. A huge number of Android phones (especially the cheaper ones) don’t receive updates from the manufacturer or telcos at all.

I found that highly irritating with Android, even the better known brands cough Nexus cough eventually stop getting ‘easy’ updates from Telcos.

Date: 23/03/2017 06:52:11
From: mollwollfumble
ID: 1041623
Subject: re: Malware?

cb88 said:


Careful with those jpgs: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libjpeg. If you’re going to have a computer on the internet, it absolutely needs to have regular security updates to patch vulnerabilities like these.

Eek!

Cross-platform application, “execute arbitrary code”, initial release 1991.

The security updates are worse malware than the problems they’re intended to fix. This is how I view “security updates”. Only, well, it’s not a linear growth of problems caused by security updates, it’s exponential.

Date: 23/03/2017 08:00:29
From: cb88
ID: 1041655
Subject: re: Malware?

mollwollfumble said:


The security updates are worse malware than the problems they’re intended to fix. This is how I view “security updates”. Only, well, it’s not a linear growth of problems caused by security updates, it’s exponential.

Unfortunately “security updates” tend to not just be for security, they include new features and other changes (like entire OS upgrades – thanks Microsoft).

I can understand the rationale – software companies don’t want to support multiple versions if they can avoid it. It is possible though, for example Red Hat Enterprise Linux gets ~10 years of support with only bug and security fixes.

Date: 23/03/2017 08:05:19
From: transition
ID: 1041657
Subject: re: Malware?

Always a joke here that MS ought to just call Windows, whatever version, “Windows Update”.

Date: 23/03/2017 08:36:00
From: mollwollfumble
ID: 1041679
Subject: re: Malware?

> Unfortunately “security updates” tend to not just be for security, they include new features and other changes (like entire OS upgrades – thanks Microsoft).

Am I the only person who thinks the words “new features” and “Microsoft” shouldn’t be used in the same sentence?

Date: 23/03/2017 10:29:04
From: roughbarked
ID: 1041698
Subject: re: Malware?

mollwollfumble said:


> Unfortunately “security updates” tend to not just be for security, they include new features and other changes (like entire OS upgrades – thanks Microsoft).

Am I the only person who thinks the words “new features” and “Microsoft” shouldn’t be used in the same sentence?

I shouldn’t think you are the lone stranger there.

Date: 24/03/2017 07:15:13
From: bob(from black rock)
ID: 1042032
Subject: re: Malware?

Isn’t that just called “life”?

Date: 24/03/2017 07:17:41
From: dv
ID: 1042034
Subject: re: Malware?

Date: 24/03/2017 12:56:22
From: Tau.Neutrino
ID: 1042163
Subject: re: Malware?

These sites review some antivirus programs:

http://www.techradar.com/news/top-10-best-antivirus-apps-for-android-in-2017

http://www.tomsguide.com/us/best-antivirus,review-2588.html

I use ESET Smart Security.

An unpatched and insecure Windows PC is asking for trouble.