Hey Subba,

Well I don't necessarily have any citations, but that's a problem that's 
plagued programs since they basically existed - the separation of data and 
code. 

If you examine both code and data on a hard drive, they are the /exact/ same. A 
collection of bytes. Depending on the context it is up to either the operating 
system, or the individual program itself to make that distinction, but it's 
mostly the program. The problem lies in when you find an unmetered buffer, 
double free()'d buffer or some other way to corrupt memory and manage to 
re-direct execution flow. When this happens it is very much possible then to 
make your own interactions with the underlying OS (thus making network 
connections or changing files), although things like Apple's sandbox, the NX 
bit, ASLR, and DEP make it very much more difficult to actually interact with 
the OS and run your own shellcode, but these systems aren't perfect. They have 
their flaws too, and can be bypassed with a number of methods (stack 
bruteforcing on 32 bit machines, return-oriented programming, etc). 

It is very possible to write malware for /any/ platform, be it a cell phone, a 
switch, or a control system. 

As for malware inside media files, I suppose that would be possible as well. I 
myself have a number of crashes in libavcodec with the FLV file format, and 
have yet to attempt to write any exploit code for it. There's lots of weird 
math to corrupt, and sometimes that DOES mean exploitable bugs, but of course 
sometimes it doesn't. In my experience though, I have never seen a bug that 
would trigger an exploit whose movie file actually plays after that. Usually it 
crashes the program when you re-direct execution flow, although depending on 
how the exploit was written I suppose it would be possible to repair the 
corruption and jump on the right path again, but that's usually way more 
sophisticated than people are willing to go when writing exploits. 

I guess I'd say look at comex's PDF exploit, and sandbox escaping for the 
iPhone, or, as it was commonly referred to, jailbreak.me. 
(http://www.f-secure.com/weblog/archives/00002002.html)

These were very real vulnerabilities that could very well have been modified to 
do anything on a victim's phone, from stealing the sms database, reading 
emails, to placing premium phone calls! Thankfully comex wasn't doing anything 
malicious, and just wanted to jailbreak people's phones for them.

I hope it helps!
Ryan Sears
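To make the "data steers the decoder" point above concrete, here is an added example (mine, not Ryan's code and not libavcodec's): a bounds-checked parser for one FLV tag header. The field layout is the public FLV tag format; the 24-bit DataSize field is file-controlled, and the line that compares it against the bytes actually present is the check whose absence turns a media file into a memory-corruption trigger. The sample tags are constructed for this example.

```c
/* Added example: defensive parser for a single FLV tag header.
 * Layout (public FLV format): TagType (1 byte: 8 audio, 9 video, 18 script),
 * DataSize (UI24 big-endian), Timestamp (UI24), TimestampExtended (UI8, high
 * byte), StreamID (UI24, always 0), then DataSize bytes of payload. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FLV_TAG_HDR 11u   /* fixed header bytes before the payload */

struct flv_tag {
    uint8_t  type;        /* 8, 9 or 18 */
    uint32_t data_size;   /* file-controlled 24-bit length, up to 16 MiB */
    uint32_t timestamp;   /* milliseconds: low 24 bits + extended byte */
    const uint8_t *data;  /* points into the caller's buffer, not copied */
};

static uint32_t be24(const uint8_t *p)
{
    return (uint32_t)p[0] << 16 | (uint32_t)p[1] << 8 | (uint32_t)p[2];
}

/* Returns 0 and fills *out on success, -1 on a malformed or truncated tag.
 * The DataSize comparison is the check a crashing decoder lacks: the value
 * comes from the file and must never be used as a copy length unchecked. */
int flv_parse_tag(const uint8_t *buf, size_t avail, struct flv_tag *out)
{
    if (buf == NULL || out == NULL || avail < FLV_TAG_HDR) return -1;
    uint8_t type = buf[0];
    if (type != 8 && type != 9 && type != 18) return -1;   /* unknown tag type */
    uint32_t size = be24(buf + 1);
    if (size > avail - FLV_TAG_HDR) return -1;   /* declared payload exceeds input */
    if (be24(buf + 8) != 0) return -1;           /* StreamID must be 0 per spec */
    out->type = type;
    out->data_size = size;
    out->timestamp = be24(buf + 4) | (uint32_t)buf[7] << 24;
    out->data = buf + FLV_TAG_HDR;
    return 0;
}

/* Constructed samples: a well-formed video tag with a 3-byte payload, and the
 * same bytes with DataSize rewritten to 0x100000 (1 MiB) while only 3 follow. */
static const uint8_t kGoodTag[] = { 9, 0x00,0,3, 0,0,40, 0, 0,0,0, 0x17,0x00,0x00 };
static const uint8_t kBadTag[]  = { 9, 0x10,0,0, 0,0,40, 0, 0,0,0, 0x17,0x00,0x00 };

int main(void)
{
    struct flv_tag t;
    printf("good tag: %s\n", flv_parse_tag(kGoodTag, sizeof kGoodTag, &t) == 0 ? "accepted" : "rejected");
    printf("bad tag:  %s\n", flv_parse_tag(kBadTag, sizeof kBadTag, &t) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Run as written it accepts the first tag and rejects the second; a decoder that instead allocates or copies `data_size` bytes before that comparison is the kind of crash Ryan describes seeing in libavcodec.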

----- Original Message -----
From: "Subba Rao" <[email protected]>
To: "Pauldotcom" <[email protected]>
Sent: Tuesday, January 25, 2011 2:27:48 PM GMT -05:00 US/Canada Eastern
Subject: [Pauldotcom] Embedded Malware

I am having a serious discussion with one of my colleagues about
embedded malware.  In our discussions, I have told him about
malware in AVI and other media files which get spread from P2P networks
etc.

His argument is that malware inside a media file is considered data.
When you play the file, the application treats it like data and it
should not affect the OS.  His argument was not too strong but I need
some information to show that embedded malware can be lethal to the OS.
Any pointer in this subject area?

Thank you in advance.

Subba Rao
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com