[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] --trust-server-names

From: David H. Lipman
Subject: Re: [Bug-wget] --trust-server-names
Date: Fri, 13 Apr 2012 20:17:21 -0400

From: "Ángel González" <address@hidden>

On 13/04/12 00:26, David H. Lipman wrote:
From: "Micah Cowan" <address@hidden>

On 04/12/2012 03:13 PM, David H. Lipman wrote:
I am downloading deliberately malware such that a download won't be
"ActiveX-Patch" but will be called "flv_codec_pack_112_full.exe" as
the server intended.

But please, tell me the risks.

And how about a server that calls its malware ".bashrc"?

Since it is a non standard named file, I will open it in FileInsight
and examine the binary.  If I don't recognize its format, I'll run the
TrID plug-in and detrrmine its format.  I will treat the file
.bashrc is the name of a file executed automatically by bash(1) on
startup if present in the home folder. As such, that can lead to code

Not on Windows.

If you're downloading the files interactively, so you could detect
filename which would be automatically run by another program, you
be safe. Alternatively, not downloading into the home folder
(which is
common both for running commands and for those config files),
avoids that, too.
See the CVE entry for more details.

There might be additional sources from unexpected execution, such as
pdf vulnerability being run by the pdf thumbnail viewer on the GUI...

I eat PDF Exploit files for breakfast.

Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk

reply via email to

[Prev in Thread] Current Thread [Next in Thread]