![]() Even the actual data could theoretically be crafted to exploit the program. For example, it might be possible to put too much data in the media file’s meta-data so that when the player tries to open the file and read it, it overflows the variables and causes some code to run. They can be made so that they contain a bit of machine code and exploit the media-player so that the machine code ends up running. At that point, the sky is usually the limit as to what can be done once the malware has control. ![]() By cleverly crafting the input, it is possible to cause code (instructions) to be overrun and then transfer control to that code. A common, and well-known method is the buffer-overflow which puts more data in the variable than it can hold, thus overwriting other parts of memory. Normally, the user-data should be contained only in a variable, but by exploiting poor error-checking and memory-management, it is possible to put it in a part of memory that can be executed. If you then enter data that it does not expect (or in the case of most exploits, too much data), then the input will end up outside of the memory that was assigned to hold the data. For example, a login dialog box on an OS or web-site may not perform error-checking or data-validation, and thus assume/expect the user to enter only appropriate data. These instructions often take the form of some sort of user input. Malware writers would disassemble a program to examine its source-code and look for certain parts that had poor data- and error-handling which they could exploit. Later, more advanced exploits came along. It exploited the limited display of filenames of email clients to pull off its trick. This was not only social-engineering (tricking the user), but also an early exploit. exe", the user sees what looks like a video and runs it and gets infected. For example, an email client may only display the first dozen or so characters of attachments, so by giving a file a false extension, then padding it with spaces as in "FunnyAnimals.avi. jpg in order to trick the user into thinking it is a media file and run it. A popular trick would be to rename an executable to include other extensions like. ![]() Later, Internet worms started using social-engineering to trick people into running viruses. In the past, only executable (i.e., “runnable”) files would be viruses. As such, it cannot be a virus in its own right, but it can indeed contain a virus. avi file is a video, and therefore is not executable, so the operating system can/will not run the file.
0 Comments
Leave a Reply. |