poke smot!
Image viruses: A PC tech's viewpoint.
    #3192126 - 09/28/04 03:37 PM (19 years, 6 months ago)

Being a computer service tech at the local PC shop, I like to stay informed about issues that will affect us and our business in the future.

I'm sure everyone has heard about the JPEG exploit by now. Yes, a small bit of code can be placed in a measly little JPEG picture crafted to exploit this bug, and it will be executed upon anyone viewing it with an unpatched computer.

I said I'll give it a week for someone non-Microsoft to figure it out, and another week for viruses and the like to come out that exploit this bug.

Last week, a fellow techie at my work showed me a small C++ program. Insert shellcode here (up to 2500 bytes, a lot for shellcode), and run. It will spit out a JPEG image using the exploit, and upon viewing the image on a vulnerable computer, that shellcode will run.

Today he showed me one of the first instances of a trojan horse utilizing this bug. When you view the infected image, the code runs. It connects to an FTP site, grabs a list of files, and then downloads those files from the FTP. It then runs a batch file.

It turns out that the trojan installs rAdmin (similar to VNC), and then connects to an IRC server. All of this is transparent to the victim, i.e. they cannot tell this is going on. But all the creator has to do is go to that IRC room, pick a victim, and then he can connect to their computer and see what is on the screen, as well as control the keyboard and mouse.

This is a very rudimentary example of an exploitation of the bug. I then checked Symantec's website, and noticed that another variant of this same idea was listed in their new threats. The variant simply downloads and then runs a Windows application from a website they provide. Think, this is the simple layout for a virus of any proportions. That application can delete files, infect other images, even post infected images on the user's website if it's told how to.

I give it another week until a major virus comes out that self-replicates and grows to infect at least a thousand computers. Another week, and they will have decentralized viruses that recompile infected images to look as they did before, but download the exploit code from non-centralized sources. This is where things will get nasty, as in the current stage of things one only has to take out the server from which the virus image downloads.

Patch your computers, people! http://windowsupdate.microsoft.com. Keep in mind that even if you don't use Internet Explorer, you may still be vulnerable to this glitch.

I'd like to write something to exploit the glitch, but I fear legal consequences. Keep in mind that if I were to write an exploit, it would most likely (1) not reproduce and (2) fix the problem so it can't happen again on that computer.

Edited by poke smot! (09/07/20 01:52 PM)

Krishna
Re: Image viruses: A PC tech's viewpoint. [Re: poke smot!]
    #3192354 - 09/28/04 05:13 PM (19 years, 6 months ago)

it's always funny to make a virus patch that simulates the virus for a little while before letting the user in on the joke :smile:


Clean
Re: Image viruses: A PC tech's viewpoint. [Re: poke smot!]
    #3192395 - 09/28/04 05:20 PM (19 years, 6 months ago)

Do I have to get the Windows update in order to avoid this, or will Norton do the trick?

Le_Canard
Re: Image viruses: A PC tech's viewpoint. [Re: poke smot!]
    #3192570 - 09/28/04 05:57 PM (19 years, 6 months ago)

Thanks for the heads up on this! :laugh: I was wondering though, how effective is a properly set up firewall in preventing this?

poke smot!
Re: Image viruses: A PC tech's viewpoint. *DELETED* [Re: Le_Canard]
    #3193051 - 09/28/04 07:29 PM (19 years, 5 months ago)

Post deleted by poke smot!

Reason for deletion: x


Le_Canard
Re: Image viruses: A PC tech's viewpoint. [Re: poke smot!]
    #3193091 - 09/28/04 07:35 PM (19 years, 5 months ago)

Even ZoneAlarm Pro? It monitors outgoing traffic as well, and will tell you if any program is trying to get access to the 'net.

funkymonk
Re: Image viruses: A PC tech's viewpoint. [Re: poke smot!]
    #3193195 - 09/28/04 07:54 PM (19 years, 5 months ago)

Awesome post man!
I love talking about viruses, what they do, and how they spread. It's pretty damn cool if you think about it.

Sometimes I get bored and infect myself with the latest threat virus. Just to see how it works. I just wish I knew C++ a lot better.

PhanTomCat
Re: Image viruses: A PC tech's viewpoint. [Re: Le_Canard]
    #3193263 - 09/28/04 08:09 PM (19 years, 5 months ago)

Quote:

ToiletDuk said:
Even ZoneAlarm Pro? It monitors outgoing traffic as well, and will tell you if any program is trying to get access to the 'net.




Yeah, wouldn't the JPG file have to request thru the firewall to get back out...? Hhhhmmmmm......... Seems logical, but does it hold any "water".... (It was a moat joke...) <SmerK>


DF2K
Re: Image viruses: A PC tech's viewpoint. [Re: PhanTomCat]
    #3193681 - 09/28/04 11:13 PM (19 years, 5 months ago)

I have written virus code before, it's not that hard, actually
