Malware

[Gnoman]

I'm posting this on all three of the sites (all normally safe) that I've visited today. I picked up a false antispyware of the sort that usually piggybacks on ads or hosted images. While I have no certainty to the source, I feel that the danger of such a program warrants caution.

[Saposhiente]

One does not simply pick up malware. It has to come from somewhere, and unless someone has figured out how to embed viruses in images, it wasn't here.

[Siosilvar]

One does not simply pick up malware. It has to come from somewhere, and unless someone has figured out how to embed viruses in images, it wasn't here.

While the images themselves aren't malware, a request for an image can get malware attached to it. This has been the case for at least two years (according to a cursory search) and probably closer to the last decade or so.

[TuggyNE]

One does not simply pick up malware. It has to come from somewhere, and unless someone has figured out how to embed viruses in images, it wasn't here.

There actually have been buffer overflow attacks leading to code execution in image file formats*. So yes, images can have viruses. The more you know!

*WMF and EMF are the ones I remember; Windows had a patch for that some years ago.

[Togath]

Ah, so that's what a buffer overflow is.(I've been wondering, but haven't been sure what is was)

[Douglas]

Ah, so that's what a buffer overflow is.(I've been wondering, but haven't been sure what is was)

A buffer is a designated area where a computer stores a chunk of information. A buffer overflow is when the chunk of information is bigger than the buffer and "overflows" into some area outside of the buffer. If the program managing the buffer fails to prevent this (usually because the person who made it thought the space he allocated was "big enough for anything that would ever go there"), and the hacker knows enough about where the buffer is, a hacker can carefully design the overflow so that it, say, spreads into the spot where the computer stores what it's going to do next and the part that ends up there happens to be "email the owner's password to X". That's what a buffer overflow attack is, and it could potentially be used to have the victim computer do almost anything.

A buffer overflow attack embedded in an image, then, would be an image bigger than the space the browser reserves for it, with the tail end of the image designed as I described.

[Togath]

ah, aye that sounds like what happened with my main computer(all of the things I often accessed from it were suddenly hacked, and the computer died, after a "buffer overflow" error while browsing a different site).
How likely is one of those to infect word document files enough for them to be unretrievable from the computer?

[TuggyNE]

I'd note that if you got an error message, that probably doesn't indicate a successful attack. (Only DoS-based attacks generally succeed by crashing processes, and those are seldom designed to infect anything.)

How likely is one of those to infect word document files enough for them to be unretrievable from the computer?

It's not implausible, but neither is it certain to have been the cause. (Conceivably you could have suffered a disk error, a bug or flaw in memory, or several unrelated malware attacks.)

[Togath]

in this case I had been thinking of starting my computer up in safe mode, and having my friend download my documents onto one of those data wedge thingies and loading the documents onto his computer(which has anti virus programs) to check for viruses, and if he found any having him try to remove them. The main thing I wasn't sure about was if its possible to actually remove a virus with normal virus scanners(or at least clean documents of one by transferring them to an uninfected computer)

[TuggyNE]

in this case I had been thinking of starting my computer up in safe mode, and having my friend download my documents onto one of those data wedge thingies and loading the documents onto his computer(which has anti virus programs) to check for viruses, and if he found any having him try to remove them. The main thing I wasn't sure about was if its possible to actually remove a virus with normal virus scanners(or at least clean documents of one by transferring them to an uninfected computer)

Generally, it's best not to start an infected computer at all; remove its hard drive and get files off manually.

It's often possible to clean infected files, but it depends on the virus in question, and the sophistication of the antivirus. Usually, though, failure to clean means the file has to simply be deleted, since the data is already too corrupted to save.

[Roland St. Jude]

Sheriff: As this does not appear to be related to this board at all, I'm locking this thread. General virus discussion and advice can be done in Friendly Banter.