
Question About Windows Prefetch Files - I Also Asked This On The Clamav Forum



I asked this on the Windows ClamAV forum but I think this forum and that one are different enough, as regards readership, that it might help to ask the question here. Let me know if this is inappropriate and that readers of either forum would see it posted in just one of them.


If I were to explain why I'm asking this question, you would have a lot to read - it is rather involved and twisted.


Let me ask the question and see what happens. If more information is needed, I'll explain where I'm coming from on this.


Can a Windows prefetch file be a vehicle for malware?


That is, can malware be inserted into a prefetch file so that that malware could then be "used" to damage, etc., a system?


My reading says No. Prefetch files contain data, not code, and are never "executed."


And I've also seen entries on the immunet.com forum - such as: http://support.immunet.com/index.php?/topic/242-default-exclusions/?hl=prefetch which seem to say that prefetch files cannot be dangerous and are actually excluded from their scanning.


So - can a prefetch file, or more generally, a file with file name extension .pf be used by a "bad" guy to make an attack?


And to add a twist to the question - could such an attack, if possible, be used against web sites on a shared Apache server installation on a system running Linux?




The only way the prefetch files, in my view, can be used maliciously is if the program that the files are associated with is a malicious or compromised (in some manner) third-party software program. I think that's where I would look first (installed software) if I suspected that was the case.



This topic is now archived and is closed to further replies.
