Clean file transferred over net to other clean machine infectable in route?

see.my.sig.4.addr

Just had a thought: what if you transfer a file you know is virus free
(say thru email) to another machine, can it become infected just in the
transmission process if any server it passed thru was infected?
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Just had a thought: what if you transfer a file you know is virus free
> (say thru email) to another machine, can it become infected just in the
> transmission process if any server it passed thru was infected?

In theory yes, certainly.

You could send it over with a PGP signature which would help confirm its
integrity once at the infected machine.

http://www.gnupg.org/
The Gnu Privacy Guard

Cheers,


Adam.

- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCmOpT7uRVdtPsXDkRAlxfAJ9dKmDqUAdLJEGMEj7YRYBNeJcmNQCfUgYo
LwUuLEQx69GHTP74PVDeHag=
=TNdk
-----END PGP SIGNATURE-----
 
> Just had a thought: what if you transfer a file you know is virus free
> (say thru email) to another machine, can it become infected just in the
> transmission process if any server it passed thru was infected?

Very unlikely. E-mail travels as ASCII text, and the server would have
to be infected with something capable of decoding 'attachments' -
infecting certain types of executable 'attachments' - and re-encoding
them before sending them along. Then you also have the difficulties of
'infecting' the servers which as a rule shouldn't be executing any
foreign content.
 
> Just had a thought: what if you transfer a file you know is virus free
> (say thru email) to another machine, can it become infected just in the
> transmission process if any server it passed thru was infected?



You must be looking for Alt.Virus.Theory ?

and if a tree falls in the woods and nobody is there to here it does it make
a noise ?

and what is the sound of one hand clapping ?
Grin...

Mich...
 
Hear... LOL !!!


Mich said:
You must be looking for Alt.Virus.Theory ?

and if a tree falls in the woods and nobody is there to here it does it make
a noise ?

and what is the sound of one hand clapping ?
Grin...

Mich...
 
You must be looking for Alt.Virus.Theory ?

and if a tree falls in the woods and nobody is there to here
it does it make a noise ?

"If a man is in a forest, and there's no woman around to hear
him, is he still wrong?"
 
... As viewed from alt.comp.anti-virus, Mich wrote:
...
... >>Just had a thought: what if you transfer a file you know is
... >>virus free (say thru email) to another machine, can it become
... >>infected just in the transmission process if any server it
... >>passed thru was infected?
...
... >You must be looking for Alt.Virus.Theory ?
... >
... >and if a tree falls in the woods and nobody is there to here
... >it does it make a noise ?
...
... "If a man is in a forest, and there's no woman around to hear
... him, is he still wrong?"

Yes.
 
From: <[email protected]>

| Just had a thought: what if you transfer a file you know is virus free
| (say thru email) to another machine, can it become infected just in the
| transmission process if any server it passed thru was infected?
| --
| _____________________________________________________
| For email response, or CC, please mailto:see.my.sig.4.addr(at)bigfoot.com.
| Yeah, it's really a real address :)

I don't see that happening. Email uses store and forward and the attachments are encoded.
For the "file" in question to be infected, the email server storing the email message would
have to have a virus specifically running as a process of the email server within the
application. It would have to know exactly what that application is and be an integral part
of that application. It would have to extract the attachment, which is encoded, infect the
file then re-encapsulate the attachment into the body of the message and fit that message
back into the queue. That queue may have designated just enough space to fit the original
message, the modified message would undoubtedly be larger and thus not fit back in the
queue's allocated space.

To my knowledge, there is no virus that can do this.
 
arranged some electrons, so they looked like this :

... As viewed from alt.comp.anti-virus, Mich wrote:
...
... >>Just had a thought: what if you transfer a file you know is
... >>virus free (say thru email) to another machine, can it become
... >>infected just in the transmission process if any server it
... >>passed thru was infected?
...
... >You must be looking for Alt.Virus.Theory ?
... >
... >and if a tree falls in the woods and nobody is there to here
... >it does it make a noise ?
...
... "If a man is in a forest, and there's no woman around to hear
... him, is he still wrong?"

Yes.


LOL !!

Dave, it's Saturday night, do you ever lighten up ??

Mich...
 
Roger said:
Very unlikely. E-mail travels as ASCII text, and the server would
have to be infected with something capable of decoding
'attachments' - infecting certain types of executable
'attachments' - and re-encoding them before sending them
along.

I don't know how other SMTP software works, but we have some old
software (Post.Office) running our e-mail. It separates the body and
header of incoming e-mail into their own files (in plain text) in each
user's separate directory where they sit until retrieved via pop-3
access. Norton anti-virus (any version works equally well) scans the
whole machine (including these directories) twice daily and frequently
intercepts viruses stored as mime or ASCII attachments and quarantines
them. Recipients end up retrieving blank e-mails (ie no body) in
these cases.

I don't think the issue here is that a virus would decode and
surgically implant malware into an intentional attachment. Most legit
attachments are images of some sort (jpeg usually) and implanting
executable code into a jpeg (and not changing the file's name or
extension) wouldn't seem to have any effect beyond screwing up the
image. Some legit attachments are .pdf, .doc and .xls, and again the
virus would have to have built-in knowledge of what to attach to those
files to render them harmful - and then wait until any such e-mail
(with a legit file attached) passed through the system.

Remember that there have been exploits on web servers where harmful
script was attached to pages served up by infected web farms directing
the browser to malware. It's not hard to imagine that a similar
infection on an SMTP server could result in a viral attachment being
added to every ->legit<- e-mail being sent or received by the server.
Much more effective (for viral distribution) if malware comes attached
to an e-mail coming from someone you know, or are expecting,
especially if the body of the e-mail is part of a legit e-mail dialog.
 
Virus Guy said:
> I don't know how other SMTP software works, but we have some old
> software (Post.Office) running our e-mail. It separates the body and
> header of incoming e-mail into their own files (in plain text) in each
> user's separate directory where they sit until retrieved via pop-3
> access. Norton anti-virus (any version works equally well) scans the
> whole machine (including these directories) twice daily and frequently
> intercepts viruses stored as mime or ASCII attachments and quarantines
> them. Recipients end up retrieving blank e-mails (ie no body) in
> these cases.
>
> I don't think the issue here is that a virus would decode and
> surgically implant malware into an intentional attachment.

No, but that was the question asked. A virus wanting to infect a certain
filetype would have to decode enough of the attachment to determine from
its header if it is of a type it is capable of infecting - and then
decode more to see if it is infectable by the virus's own infection
routine i.e. is there enough space for cavity infection or is the
filesize adequate (for those viruses that try to avoid little goats).

> Most legit
> attachments are images of some sort (jpeg usually) and implanting
> executable code into a jpeg (and not changing the file's name or
> extension) wouldn't seem to have any effect beyond screwing up the
> image.

Yes, way too much work being done for too few successful infections.
Not a very likely thing for a virus programmer to spend time on - and
also there is the fact that the 'infector' must be running on the server
as well.

> Some legit attachments are .pdf, .doc and .xls, and again the
> virus would have to have built-in knowledge of what to attach to those
> files to render them harmful - and then wait until any such e-mail
> (with a legit file attached) passed through the system.

Exactly.

> Remember that there have been exploits on web servers where harmful
> script was attached to pages served up by infected web farms directing
> the browser to malware.

Yes, but the OP basically asked about the integrity of the 'attachment'
not the e-mail itself.

> It's not hard to imagine that a similar
> infection on an SMTP server could result in a viral attachment being
> added to every ->legit<- e-mail being sent or received by the server.
> Much more effective (for viral distribution) if malware comes attached
> to an e-mail coming from someone you know, or are expecting,
> especially if the body of the e-mail is part of a legit e-mail dialog.

Yes, but the OP asked about a clean file transferred as an attachment
being 'infected' enroute. As you say, it would be trivial to add script
to an e-mail as both the e-mail and the script are ASCII - but to
actually infect the attachment is another matter.
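
The integrity check discussed in this thread, as an added example that is not part of any poster's message: the recipient hashes the decoded attachment and compares it with a digest the sender supplied over a separate trusted channel (a PGP signature, as suggested earlier in the thread, removes the need for that separate channel). The function names, the `relay.example` host and the sample payload are constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample "file": arbitrary bytes standing in for a clean binary.
SAMPLE = b"MZ" + bytes(range(256)) * 4


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_message(payload: bytes, filename: str) -> bytes:
    """Sender: wrap the file as a base64-encoded MIME attachment."""
    msg = EmailMessage()
    msg["Subject"] = "file transfer"
    msg.set_content("File attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def first_attachment(raw: bytes):
    """Parse a raw message and return its first attachment part."""
    msg = message_from_bytes(raw, policy=policy.default)
    return next(msg.iter_attachments())


def relay_forward(raw: bytes) -> bytes:
    """Honest store-and-forward hop: only prepends a trace header."""
    return b"Received: by relay.example (constructed)\n" + raw


def relay_rewrite(raw: bytes, extra: bytes) -> bytes:
    """Stand-in for the decode / alter / re-encode step the posts describe."""
    part = first_attachment(raw)
    return build_message(part.get_content() + extra, part.get_filename())


def verify(raw: bytes, expected_sha256: str) -> bool:
    """Recipient: hash the decoded attachment, not the encoded message."""
    actual = sha256_hex(first_attachment(raw).get_content())
    return hmac.compare_digest(actual, expected_sha256)


if __name__ == "__main__":
    raw = build_message(SAMPLE, "tool.bin")
    digest = sha256_hex(SAMPLE)  # sent to the recipient by a separate channel
    print("forwarded:", verify(relay_forward(raw), digest))
    print("rewritten:", verify(relay_rewrite(raw, b"\x00added"), digest))
```

Hashing the decoded bytes is what lets the check survive normal relay handling: an honest hop changes the message text (trace headers) without changing the attachment, while any change to the attachment itself changes the digest.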
 