Security Basics mailing list archives
Re: FAX a virus
From: "Robert Wesley McGrew" <wesley () mcgrewsecurity com>
Date: Fri, 2 Mar 2007 11:24:40 -0600
In this specific scenario, the threat is extraordinarily low. However this is an interesting area, as it's getting into the same ballpark as the processing of printed documentation (the fax is essentially a bitmapped representation of the original document and will be processed in much the same way as a scanned document).

I wouldn't worry so much about malicious code embedded within the document, but depending on how the document itself is processed and used, it can serve as an interesting attack vector. I was trying to remember where I'd heard of it before, and I came across this link while googling:

http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1234051,00.html

...so I am probably remembering the idea from Ed Skoudis' SANS class.

In essence, with documents being OCR'd and then the contents processed in some way (say, a magazine's subscription system processing those little subscription cards automatically) then it's just another point of user input, and a really fascinating way of attacking! It's tempting to start filling the fields of those cards out with <img src=''> web bugs just to see what happens ;).

So yes, there may be cases where carefully printing nice and legible SQL injection or XSS strings might be useful! The moral is that in addition to focusing on specific, conventional threats, one needs to take a look at the data, how it is processed at different points, and how that processing can be subverted.

--
Robert Wesley McGrew
http://mcgrewsecurity.com

On 3/1/07, Scott Ramsdell <Scott.Ramsdell () cellnet com> wrote:
Alcides,

Others on this list, and especially on the Pen Test list, can speak much more suitably than I can on this issue, but I will contribute the following.

This depends entirely on how the input to the "document processing system" is sanitized. If the document processing system blindly accepts user input as valid, then you potentially have an issue.

If the document processing system runs as a service on your Windows boxes, check to ensure that it launches with an account that does not have System or Admin rights on the box.

Kind Regards,
Scott Ramsdell

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Alcides
Sent: Wednesday, February 28, 2007 10:37 PM
To: security-basics () securityfocus com
Subject: FAX a virus

Hi lists,

My FAX server allows me to receive faxes from my clients from Internet. My clients send me some documents using their built-in Fax Printer on their PC. My fax server routes the stuff to the document processing applications. The document processing system extracts various data fields from received portable document format files. The whole scenario is windows environment and let's assume that virus protection is temporarily off.

Now, I have a query: Can anyone send a fax that includes a file infected with the virus/worm that operates as a VBS script embedded within a PDF/TIF file to cause infections to my computers / to affect my FAX system?

What about other possibilities of "the bad guys" using some joiner (or wrapper as some say) to bind malware (trojan server etc) with the pdf/TIF files and fax it to me?

I would be very grateful to know what are the various possibilities.

Warm regards,
Alcides.

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console.

Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------
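
The point made in this message, that OCR'd fields are just another source of user input, shown from the processing side as an added example that is not part of the original posts. The subscription-card field names, the table and the sample values are assumptions constructed for illustration.

```python
import html
import re
import sqlite3

# Per-field allowlists for a hypothetical subscription card (assumed field names).
FIELD_RULES = {
    "name": re.compile(r"[A-Za-z][A-Za-z .'\-]{0,63}"),
    "zip": re.compile(r"\d{5}(-\d{4})?"),
    "email": re.compile(r"[A-Za-z0-9._%+\-]{1,64}@[A-Za-z0-9.\-]{1,190}\.[A-Za-z]{2,24}"),
}

def validate_card(fields):
    """Split OCR output into accepted fields and fields routed to manual review."""
    accepted, rejected = {}, {}
    for key, rule in FIELD_RULES.items():
        value = fields.get(key, "").strip()
        if rule.fullmatch(value):
            accepted[key] = value
        else:
            rejected[key] = value
    return accepted, rejected

def store_card(conn, accepted):
    """Insert with bound parameters: a legitimate apostrophe (O'Neil) is never parsed as SQL."""
    conn.execute(
        "INSERT INTO subscribers (name, zip, email) VALUES (?, ?, ?)",
        (accepted["name"], accepted["zip"], accepted["email"]),
    )

def review_row(key, value):
    """Render a rejected value for a web review queue with HTML metacharacters escaped."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(html.escape(key), html.escape(value))

def process(conn, fields):
    accepted, rejected = validate_card(fields)
    if rejected:  # any failing field sends the whole card to review, nothing is stored
        return [review_row(k, v) for k, v in rejected.items()]
    store_card(conn, accepted)
    return []

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (name TEXT, zip TEXT, email TEXT)")
    good = {"name": "Ann O'Neil", "zip": "39759", "email": "ann@example.com"}  # constructed
    bad = {"name": "<img src=''>", "zip": "39759", "email": "x' OR '1'='1"}    # constructed
    results = (process(conn, good), process(conn, bad))
    return results + (conn.execute("SELECT name FROM subscribers").fetchall(),)
```

The allowlist has to admit an apostrophe for real names, which is why validation alone is not enough and the insert still uses bound parameters; the escaping covers the operator-facing review page, where rejected text is displayed.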