Virus question...
#21
Well, how do I find out whether it's actually infected, and where does the append take place?
Reply
#22
It's not an "append" as such. When you send images/docs etc as attachments their size is expanded by around 42% because of the encoding plasma talks about.

Just dl it and run an antivirus on it before opening it.
Reply
#23
Why is it encoded in the first place?
Reply
#24
Quote:Why is it encoded in the first place?

So that people like you can freak out :P

j/k....this link explains why ;)
igitalblackie.com - Done! :) Ask about our hosting ;)

-Goddess of the No More Religion Threads movement :)
Reply
#25
Hmm...I had a look at it and it really sounds interesting =P. IMO they should warn people about it. Since people like me having an overly active imagination will start getting ideas =P.
Reply
#26
Quote:Buffer overflow exploit does not execute the code itself, the overflowed data is read as pure asm code, and interpreted. Don't ask me why MS did that, to me it's just plain stupid to have a BMP decoder execute asm code.. but that's just me.

Buffer overflows typically arise from code written in C or C++ because these two languages don't provide much in the way of type safety and boundary checking, for example the following:
Code:
char a[5];

a[6] = 'x';

Is not prevented by either the C compiler or the runtime, its behaviour is simply undefined. Buffer overflows are exploits where a cracker finds a buffer in a program somewhere (such as a buffer for storing a bmp file) that doesn't have bounds checking and writes a huge amount of data to it. Because of the way data segments are organised this allows a cracker to overwrite other data structures, including things like function pointers or portions of code, giving them the ability to execute code.

The overflowed data is not read as pure assembly code and Microsoft did not design their code so that overflowed data would automatically be executed, it's an inherent problem with some low level languages. Buffer overflows can be prevented by having implicit bounds checking on all buffers.

Newer languages like C# and Java are type safe and don't allow buffer overflows by design, this is one of the major driving factors in the use of these languages for application development (especially web development) over older languages such as C/C++.
Jesus saves.... Passes to Moses, shoots, he scores!
Reply
#27
...and QB.

All that's needed is a MOD and an add...
Peace cannot be obtained without war. Why? If there is already peace, it is unnecessary for war. If there is no peace, there is already war."

Visit www.neobasic.net to see rubbish in all its finest.
Reply
#28
Hmm...don't the latest C/C++ compilers support buffer overflow checking?

edit:

I just tried the same program in my Linux installation, it seems GCC doesn't support it =(
Reply
#29
Quote:Hmm...don't the latest C/C++ compilers support buffer overflow checking?

edit:

I just tried the same program in my Linux installation, it seems GCC doesn't support it =(

Some C/C++ compilers provide flags for heavy error checking that can sometimes, but not always, uncover boundary overflows. Are you talking about the code I gave? I just tried the following with gcc:
Code:
#include <stdio.h>

int main() {
  int a[5];
  a[6] = 4;

  printf("a[6] = %d\n", a[6]);
}

Which produced:
Code:
a[6] = 4

So both the compiler and the runtime allowed me to overflow the buffer. Luckily it didn't crash, but there is no guarantee what the above code would do on any given system.
Jesus saves.... Passes to Moses, shoots, he scores!
Reply
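Added example, not code from any poster in this thread: the explicit bounds check that C leaves to the programmer, shown on a file-style record whose length field comes from untrusted input, beside the unchecked copy that the posts above describe. The record layout, the sample records and all function names are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIXBUF_CAP 16 /* fixed-size destination, like the image buffer in the post */

enum { COPY_OK = 0, COPY_TRUNCATED = -1, COPY_TOO_LARGE = -2 };

/* Constructed record layout (not real BMP): 2-byte little-endian payload
 * length claimed by the file, followed by the payload bytes. */
const uint8_t SAMPLE_OK[]    = { 3, 0, 'a', 'b', 'c' };
const uint8_t SAMPLE_SHORT[] = { 9, 0, 'a', 'b', 'c' }; /* claims 9, carries 3 */
const uint8_t SAMPLE_BIG[2 + 17] = { 17, 0 };           /* claims 17 > PIXBUF_CAP */

/* Unchecked form: trusts the length field, so a record claiming more than
 * PIXBUF_CAP bytes writes past the end of dst. Shown for contrast, never called. */
void copy_unchecked(uint8_t *dst, const uint8_t *rec) {
    size_t claimed = (size_t)rec[0] | ((size_t)rec[1] << 8);
    memcpy(dst, rec + 2, claimed);
}

/* Checked form: the claimed length must fit both the bytes actually
 * received and the destination capacity before anything is copied. */
int copy_checked(uint8_t *dst, size_t dst_cap,
                 const uint8_t *rec, size_t rec_len, size_t *copied) {
    if (rec_len < 2) return COPY_TRUNCATED;
    size_t claimed = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (claimed > rec_len - 2) return COPY_TRUNCATED;
    if (claimed > dst_cap) return COPY_TOO_LARGE;
    memcpy(dst, rec + 2, claimed);
    *copied = claimed;
    return COPY_OK;
}

/* Decode one record into a local fixed buffer and report the status. */
int decode_status(const uint8_t *rec, size_t rec_len) {
    uint8_t pixbuf[PIXBUF_CAP];
    size_t copied = 0;
    return copy_checked(pixbuf, sizeof pixbuf, rec, rec_len, &copied);
}

int main(void) {
    printf("ok=%d short=%d big=%d\n",
           decode_status(SAMPLE_OK, sizeof SAMPLE_OK),
           decode_status(SAMPLE_SHORT, sizeof SAMPLE_SHORT),
           decode_status(SAMPLE_BIG, sizeof SAMPLE_BIG));
    return 0;
}
```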
#30
Quote:A virus can not and will never run itself. [period]

All this hype you see in the news about: "Do not open emails from unknown people, 'cause when you read them they will destroy your computer" is just hype, no real facts or anything.

Um...

Don't you know about the Outlook scripting bugs which caused the proliferation of iloveyou? Even previewing such e-mails was enough to infect you.
Reply