Reflected File Download attack to spread 0-Day Worm Over Any Social Networks

Discussion in 'malware problems & news' started by Minimalist, Oct 14, 2014.

  1. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    But,

    If that email was genuine looking, as I alluded to, & with say a similar www to a person's bank, I think, based on years of reading about people getting hoodwinked into such things, a lot still would. Not you though!

    Indeed there are, lots! I noticed you posted in here https://www.wilderssecurity.com/threads/mzreveal-shows-disguised-executables.369967/unread as I did. If you searched your whole drive/folders etc., you would find even more!

    That's why I asked on that thread if any of those unusual executables "could" be misused to slip past the radar etc. I didn't get an answer?

    @ Simplicity

    Thanx!

    ********

    Don't forget, with AnalogX Script Defender you can add in ANY file type you like!
     
    Last edited: Nov 8, 2014
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    OK, I see your point.

    ----
    rich
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    They are different because in this one the URL itself has the data used in the attack, instead of the resource referenced in the URL.
     
  6. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Thanks, Mr Brian! :)

    Can you/will you put 'a little more meat on the bone' as it were? I don't fully understand.

    There's a certain Dustin J. Cook, the author of the infamous 'Irok' virus and a Malware expert who once worked for Malwarebytes, giving me grief in a Usenet thread claiming that RFD is 'old hat'!

    Message-ID: <XnsA3DE8A87540BDC9X238BHEUFHHI5RJ791@192.254.233.145>

    I think he's wrong, but I have little computer expertise. That's why I came here to ask for help.

    Mr Cook, at the age of 36, is probably the world's number one in his field! :rolleyes:

    https://www.dropbox.com/s/v8qhlhj5f74ysnw/Dustin Cook - Malwarebytes copy.tiff?dl=0
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    He may be right; see post #10.

    If you look at Figure 1 at http://blog.spiderlabs.com/2014/10/reflected-file-download-the-white-paper.html, notice the characters after https://example.com. That's what I meant by "the URL itself has the data used in the attack."
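To make the point in post #7 concrete from the defender's side: in a Reflected File Download the data that ends up in the downloaded file comes from the URL (a reflected parameter such as a JSONP callback), and the filename is taken from the URL path rather than set by the server. The snippet below is an added example, not code from this thread or from the linked white paper; the function names, the regex, the fixed filename and the header set are assumptions of this example. It shows a minimal JSONP-style response builder in its weak form (callback reflected unchecked, no server-chosen filename) beside its hardened form, plus a small audit helper that reports which of those mitigations a response is missing.

```python
import json
import re

# Added example (not code from the thread or the white paper it links):
# a minimal JSONP/callback endpoint shown in its weak form and its hardened
# form, plus an audit helper. Function and header choices are assumptions.

# Callback names must be plain JavaScript identifiers (dots allowed for
# namespaces) and short; anything else is rejected rather than reflected.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$.]{0,63}$")

FIXED_FILENAME = "response.json"   # server-chosen name, never taken from the URL


def is_safe_callback(name):
    """True only for identifier-shaped callback names."""
    return bool(CALLBACK_RE.match(name or ""))


def build_jsonp_response(callback, data, harden=True):
    """Return (status, headers, body) for a JSONP-style API endpoint.

    harden=False reproduces the weak pattern RFD relies on: the caller-chosen
    callback is reflected unchecked and nothing in the response fixes the
    download name, so the URL path decides it. harden=True applies the
    defender-side fixes: validate the callback, send nosniff, and pin a
    server-chosen filename via Content-Disposition.
    """
    payload = json.dumps(data, separators=(",", ":"))
    if not harden:
        return 200, {"Content-Type": "application/json"}, f"{callback}({payload});"

    if not is_safe_callback(callback):
        return 400, {"Content-Type": "text/plain; charset=utf-8"}, "invalid callback"

    headers = {
        "Content-Type": "application/json; charset=utf-8",
        # stop MIME sniffing so the body is not reinterpreted as another type
        "X-Content-Type-Options": "nosniff",
        # fixed, server-chosen download name: the URL cannot dictate it
        "Content-Disposition": f'attachment; filename="{FIXED_FILENAME}"',
    }
    return 200, headers, f"{callback}({payload});"


def audit_response(headers):
    """List the RFD-relevant hardening that a response is missing."""
    findings = []
    if headers.get("X-Content-Type-Options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    cd = headers.get("Content-Disposition", "")
    if not cd.lower().startswith("attachment") or 'filename="' not in cd:
        findings.append("missing Content-Disposition with fixed filename")
    if "charset" not in headers.get("Content-Type", "").lower():
        findings.append("Content-Type has no charset")
    return findings


if __name__ == "__main__":
    # constructed sample request: a namespaced callback and a small payload
    for harden in (False, True):
        status, hdrs, body = build_jsonp_response("app.cb", {"ok": True}, harden)
        print("hardened" if harden else "weak", status, audit_response(hdrs), body)
```

Running it prints the weak response with three audit findings and the hardened one with none; feeding a callback that is not a plain identifier to the hardened builder yields a 400 instead of a reflected body. The audit helper is the piece worth reusing: point it at the headers of any endpoint that reflects request input and it tells you which of the three mitigations is absent.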
     
  8. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    I appreciate your further response 'MrBrian'. Things are beginning to make a little more sense now!

    I watched this video a number of times https://www.youtube.com/watch?v=V9YYAiMZY9k and I have little doubt that I personally succumbed to the temptation to respond exactly as described. I can recall seeing all the windows opening and closing exactly as were demonstrated! It's what I do for fun - experiment to see what happens! I do feel just a teeny weeny bit 'safer' using my Apple iMac but am fully aware that I'm still vulnerable. Hopefully, though, Apple is kept aware of my findings when I deliberately Force Quit a programme (like Google Chrome) and a report generated and sent off to Apple. Very often I then wipe clean my hard drive and start afresh!

    Recently, I installed Sophos AV and carried out a full scan. I confess I was a little surprised to discover what appears to be an OS X infection! I've attached confirmation for your interest.

    https://www.dropbox.com/s/chdn553o8raq3q2/Malware_on_my_Mac.tiff?dl=0

    Thank you so much for your help with this matter.
     