Can malware disguise itself as a legit doc, xls, or pdf file?

There are many types of buffer overflow, I’m not sure which ones that product covers.

A good quality, correctly configured HIPS should negate the threat of buffer overflows.

And a good quality well educated end user (-:

I’m not sure about that statement, I would like to know how that works??

I believe it’s achieved by memory address randomisation.

Whilst this doesn’t make a buffer overflow attack impossible, it negates the threat of generalised malware, requiring a specifically targeted attack to an individual machine.

I’m not sure which method is employed by CPF3 but Melih spoke as if buffer overflows will be a thing of the past (V)

CMG protects against stack, heap and ret2libc :wink:

Cheers,
Ragwing

Since CMG will be integrated into CPF3 looks like the bases are pretty well covered then. (:WIN)

So far I know that there are several ways for malware to attack a comp:

  1. Executable file (.exe, .bat)
  2. Buffer Overflow
  3. Alternate data stream/forks

anybody wanna add something to the list? and make a conclusion + how we can avoid such attacks?

Ganda

  1. Pull the plug (takes care of the dangers of the internet).
  2. Gather a hammer (takes care of your PC).
  3. Or install CFP3, which will do the above without requiring any hardware or physical equipment. The future version of CFP will include CMG, which will further strengthen the first v3 final.

The way to avoid many such attacks would be to run your web browser within a sandbox, Bufferzone or Sandboxie for example. The authors of Bufferzone even have an offer on their website to pay $500 for any example of malware that can bypass the sandbox.

Of course that only protects against ‘drive by download’ type infections; any files downloaded and allowed to run outside the sandbox could still contain malicious code. This is where a combination of Signature/Heuristic/Behavioural monitoring applications such as a good AV, HIPS and Firewall are essential.

Alas 100% protection isn’t really possible but it can come close if people are very careful about what they’re downloading onto their drive. By avoiding dodgy warez and P2P downloads the threat can be kept to a minimum.

i am careful! veryyyyyyyyyy careful. and still got this (attached)

i’m gonna buy a hammer, a big one ;D .
well, i think CFP 2.4 + CMG ===> almost CFP3 8)
but my concern is this “there are malware that contains the exact same filenames and paths of once-legit files”
how can i know the email sent to me contains this type of attachment??? bloody malware!

[attachment deleted by admin]

You’re still here…typing away in this forum. It’s a good sign your system hasn’t been compromised that way, Ganda. I hope this post will provide you with a good night’s sleep (3 hours max. though)

Ganda, when I get into my over-protective mood I scan my computer with a couple of online virus scanners like Nod32 and F-secure. It helps me sleep at night knowing no one has infected my computer and is not stealing any of my information :slight_smile:

i wanna keep the “hasn’t been” status ;D

why 3 hours ;D

Address randomization is a way. I have seen glimpses of very complex attacks against Vista, which uses address randomization. I feel once people put more time, effort and brain power into the problem, a new form of exploit will present itself.

Found the documents I had originally read, nothing is secure. Scary stuff.

http://www.symantec.com/avcenter/reference/ATR-VistaAttackSurface.pdf

I have 2 more but they will not be posted.

That’s very true, as long as there’s so much money to be made out of malware it’s a certainty that new threats will emerge. :frowning:

address randomization? what’s that? can somebody explain it? (here goes another wiki ;D ).

why?

The reason is that the sites that host that information may not be 100% trustworthy. Posting potentially hostile links would be against the rules of this forum.

Symantec is trustworthy ;D.
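
The address randomisation discussed in this thread can be observed from user space. The following is an added example, not code from any poster or from Comodo. It launches several fresh Python processes, records where one runtime function and one buffer end up in memory, and measures how often an address copied from the first launch is still valid on later ones. The helper names `sample_layout` and `hardcoded_hit_rate` are hypothetical.

```python
import subprocess
import sys

# Runs in a fresh interpreter: print the address of one function inside the
# Python runtime image and of one freshly allocated buffer, as hex.
PROBE = (
    "import ctypes\n"
    "fn = ctypes.cast(ctypes.pythonapi.Py_GetVersion, ctypes.c_void_p).value\n"
    "buf = ctypes.addressof(ctypes.create_string_buffer(64))\n"
    "print(hex(fn), hex(buf))\n"
)


def sample_layout(runs=5):
    """Start `runs` fresh processes; return a list of (code_addr, heap_addr)."""
    samples = []
    for _ in range(runs):
        out = subprocess.run([sys.executable, "-c", PROBE],
                             capture_output=True, text=True, check=True).stdout
        code_addr, heap_addr = (int(tok, 16) for tok in out.split())
        samples.append((code_addr, heap_addr))
    return samples


def hardcoded_hit_rate(samples):
    """Fraction of later runs in which an address copied from the first run
    still points at the same thing, i.e. how often a fixed, pre-computed
    address would remain valid on another launch."""
    first, later = samples[0], samples[1:]
    if not later:
        raise ValueError("need at least two samples to compare")
    return {
        name: sum(s[i] == first[i] for s in later) / len(later)
        for i, name in enumerate(("code", "heap"))
    }


if __name__ == "__main__":
    runs = sample_layout()
    for code_addr, heap_addr in runs:
        print(f"code={code_addr:#018x}  heap={heap_addr:#018x}")
    # 0.0 means the address never repeated; 1.0 means that region is not
    # being randomised for this interpreter build on this machine.
    print(hardcoded_hit_rate(runs))
```

A rate of 1.0 for `code` usually means the interpreter binary was built without position-independent code or that randomisation is switched off system-wide, which is the condition under which one fixed address works on every machine.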