Malware can't execute by itself - you still have to run the file. True or False?

Discussion in 'malware problems & news' started by The Count, Dec 25, 2017.

  1. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    177
    Location:
    France
Malware can't execute by itself - you still have to run the file for it to be detrimental? True or False? Reasons?
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,190
    Location:
    Among the gum trees
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,999
    Location:
    Member state of European Union
    RCE - remote code execution
    It is more common for web servers and operating systems rather than average consumer software, but sometimes there are some vulnerabilities discovered that can enable RCE exploits.
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
Exploits can execute malicious code by simply accessing an infected webpage or a vulnerable application. Malware is more commonly executed by the user being fooled into executing it through methods of social engineering. Exploits more commonly target government and enterprise infrastructure.
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
    Worst of all scenarios is the CCleaner case.

    This is a perfect example of a Supply chain attack.

    Note: I got this infection but luckily just the first part of it when it wrote reg entries but my firewall blocked connections to the outside. This saved me from a more harmful stage of the infection.
     
    Last edited: Dec 26, 2017
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think the CCleaner case is more unusual since the installer came from a trusted source. It reminds me of that time Eset discovered saltydog trojan in ComboFix from Bleeping Computer. I was very lucky that I was not infected by the CCleaner malware. I think if I ever get infected (knock on wood) that it will be from an installer from a trusted source. I don't use installers from untrusted sources. Everyone should check the hash of the installer against the known good hash provided by the developer.
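As an added illustration of the hash check suggested above (example code written for this thread, not anything from Piriform or from a forum member), the script below hashes a downloaded installer in chunks, parses a vendor-style `sha256sum` line, compares the two digests in constant time, and refuses MD5/SHA-1 lines because those algorithms are collision-prone. The installer file, its bytes and the "tampered" copy are all constructed inside a temporary directory so the script runs offline; `example-setup.exe` is a placeholder name. One caveat worth keeping in mind: a hash only proves the file matches what the publisher posted, so it has to come from a channel independent of the download (a hash posted next to a compromised download will simply match the compromised file), and it is not a substitute for a valid code-signing check.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Dict, Tuple

# Hash algorithms recognised by the length of their hex digest.
_ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def file_digest(path: str, algo: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so large installers never need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line: str) -> Tuple[str, str, str]:
    """Parse one sha256sum-style line '<hex>  <filename>' into (algo, hex, filename).

    Raises ValueError for a malformed line, a non-hex digest, or an unknown length.
    """
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError(f"malformed checksum line: {line!r}")
    digest, filename = parts
    filename = filename.lstrip("*")  # sha256sum marks binary mode with a leading '*'
    algo = _ALGO_BY_HEX_LEN.get(len(digest))
    if algo is None:
        raise ValueError(f"unrecognised digest length {len(digest)}")
    int(digest, 16)  # raises ValueError if the digest is not hexadecimal
    return algo, digest.lower(), filename


def verify_installer(path: str, published: str) -> bool:
    """Return True only if the file's digest equals the published digest.

    `published` is a vendor-style checksum line such as '<sha256 hex>  setup.exe'.
    hmac.compare_digest gives a constant-time comparison; not strictly needed for a
    local file check, but a good habit for any digest comparison.
    """
    algo, expected, _name = parse_checksum_line(published)
    if algo in ("md5", "sha1"):
        # Collision-prone algorithms: two different files can share one digest.
        raise ValueError(f"refusing to verify with collision-prone algorithm {algo}")
    actual = file_digest(path, algo)
    return hmac.compare_digest(actual, expected)


def demo() -> Dict[str, bool]:
    """Constructed walkthrough: a fake installer checked before and after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = os.path.join(tmp, "example-setup.exe")  # placeholder name, constructed file
        with open(installer, "wb") as f:
            f.write(b"MZ" + b"\x00" * 4094)  # constructed bytes, not a real PE

        # The "developer-published" line is computed here from the untampered file.
        published = f"{file_digest(installer, 'sha256')}  example-setup.exe"
        genuine = verify_installer(installer, published)

        # Simulate a trojanised build: one extra byte is enough to change the digest.
        with open(installer, "ab") as f:
            f.write(b"\x90")
        tampered = verify_installer(installer, published)

        # A SHA-1 line is rejected outright rather than giving false assurance.
        try:
            verify_installer(installer, f"{file_digest(installer, 'sha1')}  example-setup.exe")
            weak_refused = False
        except ValueError:
            weak_refused = True

    return {"genuine": genuine, "tampered": tampered, "weak_refused": weak_refused}


if __name__ == "__main__":
    print(demo())
```

In real use, replace `demo()` with `verify_installer("<downloaded file>", "<line copied from the developer's checksum page>")` and treat a `False` result as a reason not to run the installer, not as something to retry.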
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    Depends on the definition of runs by itself. I assume that includes user initiated indirect methods such as infected Word doc. and the like.

However, malware is delivered in stages, where stage 1 is to install the payload and modify registry run keys or startup locations, or to create a WMI consumer event or scheduled task. Backdoors also fall in this category.

Then there are memory-based attacks where the payload is downloaded directly into memory and executed from there.

    Finally the CCleaner incident is really not unique. There have been others in the past; most notably the WannaCry incident.
     
  8. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    177
    Location:
    France
    Downloading MP4 video files from someone else's Google Drive anything to worry about?
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
  10. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    177
    Location:
    France
The linked article you provided mentions issues only when editing is involved. In my case no editing will be done, I'm just going to be viewing the mp4 videos after I download them from Google Drive. Should I worry?

Here is the quote from the link you supplied: "...attackers uploaded a piece of malware to Google Drive and created a public link to it. They then used Google Docs to send the link to the targeted users. Once victims attempted to edit the Google Docs file, the Apps Script triggers would cause the malware to be automatically downloaded to their devices."
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    It depends a bit, if those MP4 files will trigger exploits in the media player then malware can execute automatically. If you're worried about this, then you need to use anti-exploit tools like HMPA. But these tools may sometimes also cause problems with legitimate software.

    https://www.hitmanpro.com/en-us/alert.aspx
     