Security Basics mailing list archives
RE: FAX a virus
From: "Craig Wright" <cwright () bdosyd com au>
Date: Sat, 3 Mar 2007 15:11:49 +1100
Let's put this is another and simpler format. First let us consider the question, "If you write code and store it in text format, does it run?" The answer here is simple, even if the file is in for format of a script rather than an executable, it will not run. Code needs to be compiler or interpreted. Thus text received will not act as code. Next, let us consider script. When saved as text into a document, the information is text and not code. It is ok and feasible to keep the code of a virus as text and it will never run or cause other issue. When however it is compiled or saved as code it will have a different effect. So, if you receive the file, save it and than either compile it or format it such that it either forms script in some application format and than (yourself) run this in the application - it could act as malware. In this case, the result is similar to stating, "If I download code for a virus, compile it and run it will I be infected?" The answer is in either case not analogous to if I download the text will I be infected. Again, the answer is no. You will not be impacted. There is no known manner. No theory that has a possible attack vector and nothing but FUD to state that this is possible. Regards, Craig -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Alcides Sent: Thursday, 1 March 2007 3:37 PM To: security-basics () securityfocus com Subject: FAX a virus Hi lists, My FAX server allows me to receive faxes from my clients from Internet. My clients send me some documents using their built-in Fax Printer on their PC. My fax server routes the stuff to the document processing applications. The document processing system extracts various data fields from received portable document format files. The whole scenario is windows environment and let's assume that virus protection is temporarily off. Now, I have a query: Can anyone send a fax that includes a file infected with the virus/ worm operates as a VBS script embedded within a PDF/TIF file to cause infections to my computers/ to affect my FAX system? What about other possibilities of "the bad guys" using some joiner (or wrapper as some say) to bind malware (trojan server etc) with the pdf/ TIF files and fax it to me? I would be very greatful to know what are the various possibilities. Warm regards, Alcides. ------------------------------------------------------------------------ --- This list is sponsored by: BigFix If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console. Think what's next. Think BigFix. http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ ITNext/ ------------------------------------------------------------------------ --- Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. --------------------------------------------------------------------------- This list is sponsored by: BigFix If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console. Think what's next. Think BigFix. http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/ --------------------------------------------------------------------------- Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.
Current thread:
- RE: FAX a virus, (continued)
- RE: FAX a virus Craig Wright (Mar 06)
- Re: FAX a virus Shreyas Zare (Mar 07)
- Message not available
- FAX a virus - Rhetorical and logical Fallacies Craig Wright (Mar 07)
- RE: FAX a virus - Rhetorical and logical Fallacies Steven Hess (Mar 07)
- RE: FAX a virus Craig Wright (Mar 06)
- RE: FAX a virus Nick Duda (Mar 06)
- RE: FAX a virus- a PS Craig Wright (Mar 06)
- RE: FAX a virus Craig Wright (Mar 06)
- FUD, risk and videotape... Craig Wright (Mar 06)
- Message not available
- RE: FAX a virus Craig Wright (Mar 07)
- RE: FAX a virus Scott Ramsdell (Mar 07)
- RE: FAX a virus Craig Wright (Mar 07)
- Re: FAX a virus - THREAD IS NOW CLOSED Kelly Martin (Mar 07)
- RE: FAX a virus Craig Wright (Mar 07)