DLL Hijacking expands to EXE files

Early in the DLL hijacking episode, some researchers were using the phrase, "binary planting" instead of "DLL hijacking" because they saw the possiblility of using executables other than DLL:

Binary Planting Update, Day 6
http://blog.acrossecurity.com/2010/08/binary-planting-update-day-6.html

And so it has happened:

Binary Planting Goes "EXE"
http://blog.acrossecurity.com/2010/09/binary-planting-goes-exe.html

The example they gave demonstrated a vulnerability in Safari for Windows (now patched), which can easily be used to exploit other vulnerable applications:

ASPR #2010-09-08-1: Remote Binary Planting in Apple Safari for Windows
http://www.acrossecurity.com/aspr/ASPR-2010-09-08-1-PUB.txt

It becomes obvious that the surest proactive protection against this type of attack is to have security in place that prevents *any* unauthorized executable from running.

This way, you are protected even though a particular application has not patched the vulnerability.


----
rich

 

*Sigh* I've tried and tried to stay away from all this complicated, restrictive security BS, only to keep being pushed further and further into a corner. I hate HIPs, I hate software firewalls, I hate anti-execution software, I hate it all. Why can't I and my Sandboxie just be left alone to surf in peace?

 

*Mr LUA+SRP aims at binary planting*
*BAM*
*Binary planting crippled*

 

People make security much more complicated than it needs to be.

A good analogy is protecting against mosquitoes in your home. Either

1) You put up screens to keep them out, or

2) You have traps inside to catch them, thus negating their danger

In computer security, for protection against remote code execution exploits,

1) would be LUA or SRP or the like

2) would be a VM or a sandbox type of application.

Today there are so many solutions to these types of exploits that there is no reason other than ignorance (being unaware) why anyone should be infected.

These are really the easiest of attacks to prevent, as I've said for years. Much more difficult are the social engineering ones, where the user is duped into permitting the installation of something that turns out to be malicious.

----
rich

 

Yes, yes, LUA, SRP, geez. Maybe some people, prepare to fall over from shock here, don't WANT to go through all that.

 

I have Sandboxie! Lol. Surely that lessens the danger by quite a bit (provided of course it's configured further than just "out of the box").

Edit: Actually, security is getting more complicated than it should be because these numbskull malware writers have the patience of God, lol.

 

Is only an Ultimate solution, not for those at Home.

 

Exactly. Too many seem to forget that not everyone has or needs Ultimate or higher.

 

Not really - just use Sully's PGS.

 

A warning is given about Windows 7, and I don't THINK it has been tested on 64 bit, which is what a lot of us have.

 

Well, Sully said in this post as of Jan. that he tested in in 32 and 64bit. So it should work - but Sully's the one who can definitely answer this question.

 

I think you meant Pro or higher.
Sully's PGS works on XP all versions.

Perhaps also post in Sully's thread, very nicely asking the status of PGS for Win 7?


Another, somewhat radical, option is to use Win 7 ultimate/pro without any key (can be used for 120 days legally, or possibly 1 year); keep all documents on a seperate partition, and reinstall every 4 months.

*shakes fist at MS for not including SRP in all versions*

 

Free Anti-Executable?