Questions tagged [malware]
Malware is any software application which subverts the will of the legitimate owner of a computer, by means of force or subterfuge, with or without personal or monetary gain on the part of the creator.
2,549
questions
1
vote
1
answer
90
views
How to update BIOS before BIOS infected Host reinfects BIOS?
I learned about the BIOS being able to be written to by malware. It reminded me I have a used laptop that performs noticeably slower than any comparable devices, so I went ahead an downloaded BIOS ...
1
vote
0
answers
60
views
GPU Firmware Infections through AUTOMATIC1111 (StableDiffuision)?
I would like to ask a question about a strange incident that occurred as a result of using the StableDiffusion tool AUTOMATIC1111 (https://github.com/AUTOMATIC1111/).
Here's what happened: I used the ...
1
vote
0
answers
31
views
what snort rules can detect covert channels?
I'm new to snort. I'm trying to set up rules in snort to detect the presence of covert timing channels. Ideally, I would like to use pre-made rules like the snort community rules.
So far, I've found ...
1
vote
0
answers
99
views
Can anyone decipher this .BAT malware? [closed]
Its a 3.37MB batch file. When opened in Notepad/++ it's all Chinese and some unknown characters. It's still remaining largely undetectable despite being launched in the wild more than 2 days ago, ...
1
vote
0
answers
46
views
Jump-Oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another?
Jump-oriented Programming: Why is it better/easier to jump to the dispatcher gadget than to jump from one functional gadget directly to another functional gadget?
My understanding of JOP:
In jump-...
0
votes
0
answers
26
views
Jump-Oriented Programming: Harder than ROP because the registers need to be prepared individually? + Turing complete, but large overhead/slow?
Full title: Jump-Oriented Programming: Is it harder than traditional return-oriented programming because you need to manually prepare all the addresses and registers or is there a different reason?
...
0
votes
0
answers
60
views
How to harden VMware for malware analysis? [duplicate]
I’m looking for answers specific to VMware Workstation Pro 17.5.2. in 2024, not answers about other VM softwares.
On Windows 11, how can I harden a VM in VMware Workstation Pro 17.5.2 so that malware ...
0
votes
0
answers
10
views
Can signing into a compromised account on a new device infect the new device? [duplicate]
Can signing into a gmail account that was compromised/hacked infect a new device? (Account was compromised on one device, and a new device is used to sign in).
What about for other accounts, like ...
2
votes
1
answer
83
views
What are the infection risks for a SMB/Samba file share from an infected client PC?
I have a PC on my home network that I consider potentially infected by exposure to an untrusted program from the internet. (Antivirus detected nothing, and the PC runs fine, but I'm choosing to err on ...
27
votes
4
answers
8k
views
How long does malware last "in the wild"?
I watched this YouTube video where the uploader connected a Windows 2000 virtual machine directly to the internet, no NAT or firewall.
Within minutes, his VM is infected with malware, the overwhelming ...
1
vote
2
answers
124
views
Backdoor:PHP/Webshell.O virus detected in an uploaded image file. Should I be worried? How can I prevent it?
I have a site which allows users to upload images. One uploaded file was recently detected by antivirus software (uploads aren't scanned, this was a system wide scan after)
Upon upload, I check the ...
0
votes
1
answer
145
views
Can a USB stick be made to automatically hack a system?
I am a cybersecurity professional who is interested in researching the field of injectables.
Does a device exist, or can be made, that if plugged into a computer would instantly start attacking the ...
1
vote
3
answers
214
views
Can my phone got infected if visit my mail inbox without opening any mail attachments?
I've found some articles saying some viruses/malware can attack your device by just opening an email without downloading or opening any attachments.
Is this true?
If yes, how risky for ordinary mail ...
0
votes
1
answer
117
views
Why Ransomware generate keypair in victim?
I read this answer Ransomware encryption keys and understood how wannacry works. But I still have a question: as I understand, the hacker will put the hacker's RSA public key in the malware, the ...
0
votes
2
answers
144
views
Clean wipe of USB stick of any hidden codes
If I purchase a supposedly brand new USB stick (or micros SD, or similar portable storage devices) online, and I don't quite know the origin where they are produced, and I am a bit paranoid, is there ...
7
votes
1
answer
400
views
Why did the xz-tools attacker put so much effort into hiding the malware when they could manipulate the tarball?
With all the discussion about the xz-tools supply chain attack on the Linux distros, what confuses me:
As stated here or on the infographic here, the attackers worked their way to becoming trusted ...
0
votes
0
answers
64
views
Can my VPN hide my IP address so I can test malware? [duplicate]
I heard that VPN could mask your IP address, but is this perfectly secure? I am trying to open up what I suspect to be malware on a VM, and I obviously don’t want it to be sending my real IP address ...
11
votes
1
answer
452
views
XZ compromise and consequences for people having used it
Here's a hot topic:
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://lwn.net/Articles/967180/
https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@...
1
vote
0
answers
133
views
Malware in a PDF
I opened a PDF yesterday.
How large would a PDF be that has malware? The one I downloaded was approximately 5 MB.
If I opened the PDF on a browser, would the browser be infected?
For some context: I ...
1
vote
1
answer
135
views
Does PDF level compression implicitly cleans file of malware?
Recently I've been looking into PDF files security, specifically about malware exploiting vulnerabilities in PDF readers. I thought about one thing - does compressing PDF file (for example, by using ...
0
votes
0
answers
33
views
Is my home network infected? [duplicate]
Today, my family brought me a quite old laptop (it had Windows 7 Enterprise from around 2009). When I tried to turn it on, it was already complicated because I got a black screen with options, but the ...
0
votes
1
answer
115
views
Can an Azure template contain a virus, a backdoor or malware?
Sometimes you can find projects on the internet that can propose you to import a template to Azure, like this one.
You have a button and if you click it allows you to deploy:
Then you go through the ...
0
votes
1
answer
88
views
How dangerous is this suspicious PHP code? [closed]
I found this code on my web server in /wp-content/uploads/2023/index.php:
$hello_dolly[]='b8f878fc41d0fd3c';
$hello_dolly[]=$_POST;
$hello_dolly[]='color';
if (isset($hello_dolly[1][$hello_dolly[0]])) ...
0
votes
0
answers
106
views
If you encrypt an entire USB with Veracrypt can malware be put on the USB while encrypted?
Let's say that you take a USB drive and encrypt the entire thing with Veracrypt. Could someone modify that USB drive to include malware on it? This is not assuming that physical changes to the device ...
0
votes
1
answer
164
views
How to check whether a printer driver is malicious or not
While downloading a printer driver from the company's website, redirected to a google drive link. Google warning says it could be malicious.
The company is MEPL- based in India, but it is using a ...
0
votes
0
answers
155
views
Is it possible to infect a monitor via HDMI plus Ethernet [duplicate]
I caught a virus because of an exe file I downloaded to my computer last week. I am replacing my modem, graphics card, motherboard, processor, ssd and ram components with new ones. What are the ...
0
votes
0
answers
89
views
Possible to supply IKEA Tradfri with Malware? (How to detect / remove)
Maybe I'm overly cautious here, but I bought a 2nd hand IKEA Tradfri lightbulb. The package was opened so whoever owned it before had access to the bulb itself.
My question is: Am I too cautious ...
1
vote
0
answers
81
views
Streamer Virus on offline network [closed]
I have an offline network with 200 users. and routers, switches, 4 esxi servers and 1 netapp rack.
After about a year, my team found out that we have a virus in the network called streamer.exe that ...
0
votes
1
answer
299
views
Is malware less prevalent in the Apple App Store compared to the Google Play Store?
I was searching for reports about malware on the Apple App Store and only found minor ones (at least from a user's perspective) on the first few Google search results.
Doing the same search for the ...
1
vote
0
answers
64
views
WinAPI legit usecase for setting PPID
I am studying malware development right now (exclusively WinAPI) and reached the topic of PPID spoofing. I understand the concept and why it is useful, however I do not understand why is it possible ...
0
votes
0
answers
112
views
Very frequent calls to same Windows API function by malware
Here I have a malware sample that calls RegQueryValueEx quite frequently, without any time interruption. And as we can see, the result is quite often "BUFFER OVERFLOW". In another topic I ...
0
votes
1
answer
233
views
Can double-clicking an infected .xlsx file infect me if it crashed?
I downloaded an Excel (.xlsx) file from the internet.
Then I tried to open it by double-clicking on it.
But it suddenly crashed.
Could this mean it could've contained a virus or malware?
0
votes
3
answers
126
views
Network knowledge in malware analysis
I asked an experienced person about the needs of malware analysis. He told me:
"Learn x86, C/C++, Win32 API, Windows internals, PE file structure basics... Then when you are comfortable with ...
0
votes
1
answer
185
views
Is an antivirus needed for linux home usage when there is exchange of files with other OS e.g. Windows?
I was under the impression that an antivirus for Linux makes sense only for installing in business computers. Checking Norton/BitDefender/Karpesky I don't see any Linux option for the first or any non ...
0
votes
1
answer
148
views
How are virus or exploits tested without being detected?
I was wondering how threat actors actually test their exploits without them being automatically detected and added to the library of an antivirus detection system, thereby being marked as useless and ...
0
votes
0
answers
82
views
What types of attacks can MFA using an hardware authenticator prevent?
I recently looked into the topic of MFA in combination with some hardware authenticator (USB keys like Nitrokey/Yubico) to potentially improve the overall security of my digital daily activities (web ...
1
vote
2
answers
182
views
How does malware work when compressed?
I have read up on compressed folders of file types such as .zip, .rar and .7zip being the malicious file itself (excluding cases such as an .exe file being disguised as a .zip file etc...), only ...
0
votes
1
answer
219
views
ScyllaHide DLL Injection
When I try to perform a DLL injection with ScyllaHide in x32/x64 dbg, then it crashes for some reason, is this a bug? Both with stealthy injection as with normal injection, the program crashes when I ...
0
votes
0
answers
25
views
microsoft bitlocker copy data in background [duplicate]
I use microsoft bitlocker encryption all my disks. Some day, maybe I click on a phishing email and my computer be hacked. Hacker sends my data to his server. Is the data encrypted or plaintext in his ...
1
vote
0
answers
115
views
Suspicious new folders with chaotic jpg,sql,doc,txt and doc files
I found several new folders, each containing 10 small files with random content ( a chaotic picture, an rtf of random letters, a corrupted doc file etc...), all the files were created at the same time,...
1
vote
2
answers
378
views
How to determine which Chrome extension is re-directing me to ad sites
Twice now, seemingly randomly, I've been redirected to an ad site.
I believe it has occurred both times when I have a new tab open, type what I'm searching for (Google is my default search engine), ...
0
votes
1
answer
149
views
How many parts of an average laptop can be compromised? and how to confirm they are not?
The majority of virus/malware is stored and persists on the hard drive, Therefore by formatting the hard drive or re-installing the operating system, the virus is removed.
However, the average laptop ...
2
votes
1
answer
113
views
How to detect a malware which is fragmented across multiple packets
How can we detect a malware which is fragmented across many packets , do we have to do some prefix /suffix matching kind of approach?
Does tools like snort,Suricata support this ?
1
vote
1
answer
153
views
Can malware detect memory dumping?
Morning, I recently had need to check for malware on my PC by dumping the memory and searching for unwanted processes which could be malware, my question it's, is it possibile for malware to detect ...
1
vote
1
answer
204
views
Does Python in Excel have the same Security issues as VBS in Excel?
Microsoft Excel supports Python scripts (source).
VBScript Macros within Excel are known to be a security risk (source). If I read this emotet article right, then VBScript macros allow arbitrary code ...
1
vote
1
answer
2k
views
Can malware be contained in an image sent via WhatsApp?
I went online with a new WhatsApp account earlier (with a new number), and the first thing that happened was that I received a threatening message from a number with an ISD commonly used by scammers ...
2
votes
0
answers
279
views
WordPress site hacked [closed]
We got hacked.
Our setup:
DigitalOcean VPS, Apache, multiple domains & WP websites, Elementor Pro, hopefully safe plugins.
Known facts:
It's phishing.
The virus infects all the websites on our ...
1
vote
0
answers
119
views
Can a file contain a virus that an antivirus cannot detect? [duplicate]
Suppose that I have an external storage (such as a USB memory stick or an SD card) which contains some files (such as documents or images).
Suppose that I am running an antivirus which scans drives ...
0
votes
0
answers
48
views
Can you be tracked while using a vpn? [duplicate]
Can you be tracked even with a vpn? If a sophisticated eithical hacker really wanted you will a vpn save you?
1
vote
0
answers
113
views
I clicked on a suspect link, whose base url was live (dot) tvstreaming4k (dot) com, during a live event. Is this a threat? [duplicate]
Edit: It has been observed that my question may already have an answer here How to check whether a link is safe or not? [closed] and here How do I safely inspect a potentially malicious website?. Even ...