
Bobn

Members
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Bobn

  • Rank
    Newbie
  1. I asked this on the Windows ClamAV forum but I think this forum and that one are different enough, as regards readership, that it might help to ask the question here. Let me know if this is inappropriate and that readers of either forum would see it posted in just one of them. **************************************************************************** If I were to explain why I'm asking this question, you would have a lot to read - it is rather involved and twisted. Let me ask the question and see what happens. If more information is needed, I'll explain where I'm coming from on this. Can a Windows prefetch file be a vehicle for malware? That is, can malware be inserted into a prefetch file so that that malware could then be "used" to damage, etc. a system? My reading says No. Prefetch files contain data, not code, and are never "executed." And I've also seen entries on the immunet.com forum - such as: http://support.immunet.com/index.php?/topic/242-default-exclusions/?hl=prefetch which seem to say that prefetch files cannot be dangerous and are actually excluded from their scanning. So - can a prefetch file, or more generally, a file with file name extension .pf be used by a "bad" guy to make an attack? And to add a twist to the question - could such an attack, if possible, be used against web sites on a shared Apache server installation on a system running Linux? Bob
  2. Thanks for the reply. But if the file only contains information which Windows uses to launch an application faster the next time it is started, how could anything injected into the file cause any problems? That post I referred to http://support.immunet.com/index.php?/topic/242-default-exclusions/?hl=prefetch says that prefetch files are excluded from the scan. The reason given is: "2) We exclude things that take long time to scan with no protection benefit. An example of this is %WINDIR%\Prefetch. The Prefetch folder is internal for windows processes and the files are somewhere else on the disk.." I take that to mean that there is no point scanning a prefetch file because it provides no protection because no harmful injection can be done. I assume that if the data is corrupted, Windows will simply find it to be an invalid prefetch file and would delete it and create a new one. The reference to the files being somewhere else means, I think, that the actual executable files are elsewhere. As for Linux, personally I can't conceive that there would be a danger, but as I can't say a definitive No, I asked the question.
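The point that a .pf file is a data record rather than a program can be seen in its on-disk layout: a fixed header with a format version, the literal signature "SCCA", the file size, the name of the executable it was recorded for, and a hash of that executable's path, followed by tables of file and volume references. The following Python is an added example, not code from this thread or from ClamAV or Immunet: it validates that header the way a scanner or forensic tool would, rejecting anything that does not fit the format (which is also what Windows does with a corrupt prefetch file, as Bob assumes above). The field layout follows the publicly documented uncompressed format; the constant names, the helper functions, and the sample file (constructed here, not captured from a real system, with a filler value in the header's undocumented dword) are all mine.

```python
import struct

# Windows Prefetch (.pf) fixed header, uncompressed format (Windows XP through 8.1;
# Windows 10 files use the same layout once their "MAM" compression is removed).
# Layout follows public format documentation; the names below are assumptions
# chosen for this example, not identifiers from any Microsoft source.
PF_SIGNATURE = b"SCCA"
PF_VERSIONS = {
    0x11: "Windows XP / Server 2003",
    0x17: "Windows Vista / 7",
    0x1A: "Windows 8 / 8.1",
    0x1E: "Windows 10",
}
PF_HEADER_LEN = 84      # bytes 0..83 hold the fixed header
PF_NAME_OFFSET = 16     # UTF-16LE executable name, 60 bytes (29 chars + NUL)
PF_NAME_LEN = 60
PF_HASH_OFFSET = 76     # 32-bit hash of the executable's path


def parse_prefetch_header(data: bytes) -> dict:
    """Validate a prefetch file's fixed header and return its metadata fields.

    Raises ValueError for anything that is not a well-formed header; a file
    that fails here is simply discarded and rebuilt by Windows.
    """
    if data[:3] == b"MAM":
        # Windows 10 stores prefetch files LZXPRESS-Huffman compressed behind a
        # "MAM" prefix; decompression needs a separate library, so stop here.
        raise ValueError("compressed Windows 10 prefetch file; decompress first")
    if len(data) < PF_HEADER_LEN:
        raise ValueError("file shorter than the prefetch header")

    version, signature, _unknown, file_size = struct.unpack_from("<I4sII", data, 0)
    if signature != PF_SIGNATURE:
        raise ValueError(f"bad signature {signature!r}, expected {PF_SIGNATURE!r}")
    if version not in PF_VERSIONS:
        raise ValueError(f"unknown prefetch format version 0x{version:02x}")
    if file_size != len(data):
        raise ValueError(f"header claims {file_size} bytes, file has {len(data)}")

    raw_name = data[PF_NAME_OFFSET:PF_NAME_OFFSET + PF_NAME_LEN]
    executable = raw_name.decode("utf-16-le").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, PF_HASH_OFFSET)

    return {
        "version": version,
        "windows": PF_VERSIONS[version],
        "executable": executable,
        "path_hash": path_hash,
        "file_size": file_size,
    }


def build_sample_prefetch(executable: str, version: int = 0x17,
                          path_hash: int = 0x12345678, payload_len: int = 128) -> bytes:
    """Construct a minimal well-formed prefetch file for testing.

    Constructed data, not a capture from a real machine: only the header is
    realistic, the section tables that follow it are zero-filled.
    """
    name = executable.encode("utf-16-le")
    if len(name) > PF_NAME_LEN - 2:
        raise ValueError("executable name too long for the 60-byte field")
    name = name.ljust(PF_NAME_LEN, b"\x00")
    total = PF_HEADER_LEN + payload_len
    header = struct.pack("<I4sII", version, PF_SIGNATURE, 0x0F, total)  # 0x0F: filler
    header += name
    header += struct.pack("<I", path_hash)
    header += b"\x00" * 4                  # remaining undocumented header bytes
    return header + b"\x00" * payload_len


if __name__ == "__main__":
    sample = build_sample_prefetch("NOTEPAD.EXE")
    print(parse_prefetch_header(sample))
    # A file whose signature has been overwritten is rejected, not interpreted.
    tampered = sample[:4] + b"PE\x00\x00" + sample[8:]
    try:
        parse_prefetch_header(tampered)
    except ValueError as err:
        print("rejected:", err)
```

Nothing in the parse path hands any byte of the file to the CPU as an instruction: each field is read as a number or a string and checked against what the format allows, so a malformed .pf can at worst be thrown away. The practical risk a defender cares about is different and is the one forensic tools exploit in reverse: the executable name, path hash and run counts recorded here are evidence of what has run on the machine, which is why prefetch files are routinely collected in incident response.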
  3. Thanks for the information but it raises some questions - if the exploit is delivered via a self-extracting zip file, would not that mean: 1 - you'd have to first download the file? 2 - you'd then have to "execute it?" - the self-extracting files my version of WinZip creates are exe files 3 - would you not then have to take some steps to execute the .js applications? These are things that a savvy user would not do - correct? If I download executable software, it is from the author's site or a verified download site. Then I scan it with up-to-date copies of AVG and MalwareBytes - I'm thinking of adding another scanner or two to my arsenal. And, if I have any doubts, I'll send it through some of the online multiple scanner sites. Can a site download and execute a file without my knowledge or without me having to actually start, or approve, the download? Yes, I know that the vast majority of computer users lack the necessary training (or are they trainable?) to venture forth onto the WWW but I can only teach those I can contact and I try to do so with those I can contact - clients and friends and even strangers. Local news in St. Louis reported, a couple of weeks ago, about a school secretary who came in one morning and found ransomware on her computer. They interviewed an "expert" who basically said "Don't open attachments to emails from people you don't know." Yes, he seems to be a tad less than "expert" about it given that online email accounts get hacked all the time and scammers then use them to send messages to all recipients in the account's address book hoping someone will fall for their scam thinking it is from someone they know. You know - "This is Stan. I'm in Mexico and all my money and my passport were stolen and ....." I'm trying to contact that "expert" but have not found him yet. The "news" piece was useless. At the end, they have a short clip, maybe 8 seconds long, where the secretary says "Well, it said invoice, so I clicked on it." And that clip seemed to be added in to fill time because they did not address her comment - as I recall, the next thing you heard was "This is so-and-so reporting from...." Bob
  4. If I were to explain why I'm asking this question, you would have a lot to read - it is rather involved and twisted. Let me ask the question and see what happens. If more information is needed, I'll explain where I'm coming from on this. Can a Windows prefetch file be a vehicle for malware? That is, can malware be inserted into a prefetch file so that that malware could then be "used" to damage, etc. a system? My reading says No. Prefetch files contain data, not code, and are never "executed." And I've also seen entries on the immunet.com forum - such as: http://support.immunet.com/index.php?/topic/242-default-exclusions/?hl=prefetch which seem to say that prefetch files cannot be dangerous and are actually excluded from their scanning. So - can a prefetch file, or more generally, a file with file name extension .pf be used by a "bad" guy to make an attack? And to add a twist to the question - could such an attack, if possible, be used against an Apache server installation on a system running Linux? Bob