[Full-disclosure] DLL hijacking with ZIP files in email?
The essence of DLL hijacking is to deliver an innocent file together with a malicious DLL, in the one directory. Would it be possible to do this via email: a ZIP (or similar) archive containing the two files? Thoughts about this? I know that an emailed ZIP is searcheable by desktop AV systems; but the signature-based AVs forever play catch-up with the attacks in the wild. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] DLL hijacking with ZIP files in email?
On Wed, Sep 1, 2010 at 2:05 PM, paul.sz...@sydney.edu.au wrote: The essence of DLL hijacking is to deliver an innocent file together with a malicious DLL, in the one directory. Would it be possible to do this via email: a ZIP (or similar) archive containing the two files? i don't know of a way to do this with ZIP archives. the daemontools / easycd / related tools which automount ISO and other archive images as drive letters on the host are vulnerable. autorun on/off may add insult to injury with such services... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] DLL hijacking with ZIP files in email?
if you email a web page, tipically all files are unzipped when the user double clicks on any .html file but I still don't see this as something drastically different from double clicking on exe files... On Thu, Sep 2, 2010 at 12:45 AM, coderman coder...@gmail.com wrote: On Wed, Sep 1, 2010 at 2:05 PM, paul.sz...@sydney.edu.au wrote: The essence of DLL hijacking is to deliver an innocent file together with a malicious DLL, in the one directory. Would it be possible to do this via email: a ZIP (or similar) archive containing the two files? i don't know of a way to do this with ZIP archives. the daemontools / easycd / related tools which automount ISO and other archive images as drive letters on the host are vulnerable. autorun on/off may add insult to injury with such services... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- HONEY: I want to… put some powder on my nose. GEORGE: Martha, won’t you show her where we keep the euphemism? ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/