DLL Hijacking expands to EXE files

Discussion in 'other security issues & news' started by Rmus, Sep 9, 2010.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Early in the DLL hijacking episode, some researchers were using the phrase, "binary planting" instead of "DLL hijacking" because they saw the possibility of using executables other than DLLs:

    Binary Planting Update, Day 6
    http://blog.acrossecurity.com/2010/08/binary-planting-update-day-6.html

    And so it has happened:

    Binary Planting Goes "EXE"
    http://blog.acrossecurity.com/2010/09/binary-planting-goes-exe.html

    The example they gave demonstrated a vulnerability in Safari for Windows (now patched), which can easily be used to exploit other vulnerable applications:

    ASPR #2010-09-08-1: Remote Binary Planting in Apple Safari for Windows
    http://www.acrossecurity.com/aspr/ASPR-2010-09-08-1-PUB.txt

    It becomes obvious that the surest proactive protection against this type of attack is to have security in place that prevents *any* unauthorized executable from running.

    This way, you are protected even though a particular application has not patched the vulnerability.


    ----
    rich
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    *Sigh* I've tried and tried to stay away from all this complicated, restrictive security BS, only to keep being pushed further and further into a corner. I hate HIPs, I hate software firewalls, I hate anti-execution software, I hate it all. Why can't I and my Sandboxie just be left alone to surf in peace?
     
  3. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    *Mr LUA+SRP aims at binary planting*
    *BAM*
    *Binary planting crippled*
    :D
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    People make security much more complicated than it needs to be.

    A good analogy is protecting against mosquitoes in your home. Either

    1) You put up screens to keep them out, or

    2) You have traps inside to catch them, thus negating their danger

    In computer security, for protection against remote code execution exploits,

    1) would be LUA or SRP or the like

    2) would be a VM or a sandbox type of application.

    Today there are so many solutions to these types of exploits that there is no reason other than ignorance (being unaware) why anyone should be infected.

    These are really the easiest of attacks to prevent, as I've said for years. Much more difficult are the social engineering ones, where the user is duped into permitting the installation of something that turns out to be malicious.

    ----
    rich
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Yes, yes, LUA, SRP, geez. Maybe some people, prepare to fall over from shock here, don't WANT to go through all that.
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I have Sandboxie! Lol. Surely that lessens the danger by quite a bit (provided of course it's configured further than just "out of the box").

    Edit: Actually, security is getting more complicated than it should be because these numbskull malware writers have the patience of God, lol.
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Is only an Ultimate solution, not for those at Home.
     
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Exactly. Too many seem to forget that not everyone has or needs Ultimate or higher.
     
  9. tlu

    tlu Guest

    Not really - just use Sully's PGS.
     
  10. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    A warning is given about Windows 7, and I don't THINK it has been tested on 64 bit, which is what a lot of us have.
     
  11. tlu

    tlu Guest

    Well, Sully said in this post as of Jan. that he tested it in 32 and 64bit. So it should work - but Sully's the one who can definitely answer this question.
     
  12. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    I think you meant Pro or higher.
    Sully's PGS works on XP all versions.

    Perhaps also post in Sully's thread, very nicely asking the status of PGS for Win 7?


    Another, somewhat radical, option is to use Win 7 ultimate/pro without any key (can be used for 120 days legally, or possibly 1 year); keep all documents on a separate partition, and reinstall every 4 months.

    *shakes fist at MS for not including SRP in all versions*
     
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Free Anti-Executable?
     