
On WORM_GREW.A’s attachment

  • Posted: January 18, 2006
  • Threat category: Uncategorized
  • Author: Virus analyst

What is particular about this malware is its use of MIME-encoded data files as attachments, in addition to the usual executable types. The filename extensions that most malware uses are .exe, .scr, .pif, and so on. Besides these usual extensions, it also uses the following MIME-encoded data file extensions:



  • .b64
  • .BHx
  • .HQX
  • .mim
  • .uu
  • .UUE
  • .XxE


Inside these MIME files is a file with a usual executable extension, disguised with the usual malware trick: a lot of spaces before the real extension.


What comes to mind on learning that it uses MIME-encoded files as attachments is the security issue that exists in WinZip versions prior to 9.0 SR-1.


When providing long strings to certain parameters of MIME archives (.mim, .uue, .uu, .b64, .bhx, .hqx and .xxe extensions)…


A buffer overflow will occur.


An attacker could attempt to use this buffer overflow to create a file that would execute malicious code of their choice when the file was opened by an earlier version of WinZip. The attacker would have to give the file one of the affected extensions, and would then have to trick you into opening the file; for example, by sending it to you as an e-mail attachment.


But at least that was not the intention of the author. If that were to happen, a large number of infections would occur, considering that these MIME-encoded data files are supposed to be 'container' files and not 'executable' files. In that case, many users, even average users, might be fooled into double-clicking the MIME-encoded data files, which would result in the automatic execution of the malicious file inside the MIME file, if and only if they are using the affected versions of WinZip.
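A mail-gateway style check for the two properties discussed above (an executable name padded with spaces inside one of the listed container types, and an unusually long name parameter), written as an added example that is not part of the original post or any Trend Micro or WinZip code. The function names, the 255-character cut-off and the three-space padding threshold are assumptions chosen for illustration, and BinHex (.hqx) names, which sit inside the encoded data, are not decoded here.

```python
import re

# Container extensions listed in the post (compared case-insensitively).
MIME_EXTS = {".b64", ".bhx", ".hqx", ".mim", ".uu", ".uue", ".xxe"}
# Executable extensions named in the post.
EXEC_EXTS = {".exe", ".scr", ".pif"}
# Assumed cut-off for an "overlong" parameter; not a value from the advisory.
MAX_PARAM_LEN = 255

# uuencode/xxencode header line: "begin <mode> <filename>"
UU_BEGIN = re.compile(rb"^begin [0-7]{3,4} (.+?)\r?$", re.M)
# MIME header parameter: name="..." or filename="..."
MIME_NAME = re.compile(rb'\b(?:file)?name="([^"\r\n]*)"', re.I)

def embedded_names(data: bytes) -> list[str]:
    """Return the file names declared inside the encoded container."""
    hits = UU_BEGIN.findall(data) + MIME_NAME.findall(data)
    return [h.decode("latin-1") for h in hits]

def inspect_attachment(attachment_name: str, data: bytes) -> list[str]:
    """Return sorted findings for one attachment; empty means nothing flagged."""
    findings = set()
    dot = attachment_name.rfind(".")
    if dot < 0 or attachment_name[dot:].lower() not in MIME_EXTS:
        return []  # not one of the container types discussed in the post
    for name in embedded_names(data):
        if len(name) > MAX_PARAM_LEN:
            findings.add("overlong-name")
        stem, sep, ext = name.rstrip().rpartition(".")
        if sep and "." + ext.lower() in EXEC_EXTS:
            findings.add("executable-inside")
            # Padding trick: a run of spaces directly before the real
            # extension (three or more is an assumed threshold).
            if re.search(r"\s{3,}$", stem):
                findings.add("space-padded-extension")
    return sorted(findings)

# Constructed sample: a uuencode header with a padded name and an empty body.
SAMPLE = b"begin 644 document.txt" + b" " * 40 + b".scr\n`\nend\n"

if __name__ == "__main__":
    print(inspect_attachment("report.UUE", SAMPLE))
```
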


References:
WORM_GREW.A Details
WORM_GREW.A Solution
Winzip
WinZip MIME Parsing Buffer Overflow Vulnerability


  • Copyright © 2018 Trend Micro Incorporated. All rights reserved.