malware - Can a virus "attach" to an executable?

07
2014-07
  • Omega

    My understanding is that a virus is an executable - and thus it needs to be executed to do anything. When you execute a virus (program), the process will be able to do whatever malicious thing it is supposed to.

    I've been reading an answer, and this part:

    Viruses, on the other hand, need an executable image to spread within a system. They will spread to other executables within the same computer (they will attach themselves to those executables which become infected and able to spread the virus). And they spread to other computers as these executables are passed to them by any means (download, on a CD or floppy disk) and executed.

    Spread to other executables? So if a virus spreads into my Photoshop executable, running Photoshop in the future will effectively execute the virus code? Essentially rendering my Photoshop program into a virus in itself?

    I have never seen this sort of behaviour before - is it true? (If yes, I'll ask at SO how.)

  • Answers
  • private_meta

    Yes, viruses can attach themselves onto an executable. Maybe they wrap around the original application, or they just attach themselves to some jmp location, but as you said, you might be better off asking at SO how to do that.

  • SMR

    Yes, it is true. I have seen tools (ProRat, I guess) which can merge virus code into EXEs, but I have no idea how to do it programmatically.

  • JSerpentain

    Both guys (SMR and private_meta) are right. I would only like to add that some .exe's won't run if they are corrupted by some kind of injection (which is particularly virus code injected) or strange pieces of code - they will give an application error and crash.

    However, not all .exe's are so "smart"...


  • Related Question

    virus - How can I be in danger from viruses and malware?
  • flyer88

    I have been reading here (in superuser) some questions about the necessity of antivirus software in Windows and some doubts arise.

    As far as I know (and imagine), virus software can only be harmful if I download any type of infected executable file and then I RUN IT. I mean that if I have the infected executable on my desktop but I leave it there for years without clicking it, I won't be in danger...

    My question is: How can I be in danger browsing the so-called "malware pages or sites"?

    If I am just browsing an "infected site", how could I be affected by a virus? In any moment the browser is asking me for the permission to download "something", so how could it be? Although I don't give permission to the browser to download 'something', is data being downloaded to my computer? Is it some kind of cookie?

    I will ask in another way... What is the level of riskiness if I get infected on a malware site compared with the level of an executable virus?


  • Related Answers
  • William Hilsum

    There are not that many sites that you can get a virus simply by viewing, however there are a few that try to exploit holes in a computer - for example, a while ago there was a nasty one where just viewing a special picture could allow someone to install items on your hard drive (In Windows).

    The main reason for the software / services that block visitors to pages is simply to stop the nasty pages that serve no legitimate purpose. For example, there are quite a few "fake antivirus" type websites that the only reason for them to exist is to pretend to be a dialog box and get people to download from them. So, why bother letting people go there at all!

    In the above, you are correct that you can only get affected if you actually download and run the software, but why risk it or let it go that far when you can prevent people from visiting altogether... For example, I remember some sites that tell people to ignore the warnings, click accept and/or give instructions on how to load addons through the bar in Internet Explorer - it just makes sense to stop people before they are even at the page.

    Typically, just like email, there is low risk just from viewing. There are a few things for which this is not true, such as holes in Adobe, Flash and a few other programs, but just don't run .exe or similar files from people or places you do not trust (and even if you trust, take caution!)

  • geek

    Browsers are computer programs as well; sometimes they have vulnerabilities. Sometimes these vulnerabilities allow bad guys to get their exploits executed without your explicit confirmation (for example, you get that code as JavaScript when visiting a malware site and don't have something like NoScript).

    I've always thought that a well-designed operating system can survive without an antivirus. The purpose of an antivirus is to close up some holes in the OS security (holes which a good OS ideally must not have).

    Also bear in mind that security is a process. So just running an antivirus (or even more than one, yes, some people do that and feel "safer") and blindly relying on it won't help too much.

    I'd say that following some simple rules is more important than running an antivirus:

    • do not work permanently using an Administrator/root account. Use the superuser only when you can't achieve a certain goal as regular user
    • have a sane firewalling policy. This assumes you know the basics of TCP/IP and you know them reasonably well
    • monitor what's happening inside your system, what's changing
  • Chris Tarazi

    Well, when you browse through malicious websites, some of them have something called "drive by downloads" which finds an exploit through your browser and/or OS. The drive by downloads don't ask for permission, they just simply download.

    To answer your second question, it all depends on the malware being downloaded and running. The level of riskiness of visiting malicious websites is a 10 unless you have a decent antivirus.

    Hope I answered your questions correctly.

  • Don Salva

    You can't as long as you use Firefox with AdBlock and NoScript. With the correct settings of course. Of course with some common sense.

    NoScript is the key though. As most malware (sites) use some sort of script to install themselves on your computer, NoScript, by default, blocks every script possible.

    And since NoScript is open-source it is continuously being tweaked and tuned so it can outsmart the newest threats.

    It takes some time to fine tune it (allowing specific scripts, so some sites may function properly).

    You can take it to the next level and get Comodo Firewall and Avira Antivir coupled with SpyBot (especially its immunize function).

    Although no software can beat the common sense, if you are stupid, then you are stupid and no software will protect you.

    With the software above I haven't had any malware nor virus, worm, trojan or keylogger infest my computer in a very, very, very long time.

    Though I often fell for links containing keyloggers, when I was playing WoW and the WoW forums were running mad with kids posting keylogger-links. Nothing happened to me, ever.