
Suppose malware lands and executes on a computer. Could this malware attempt to spread further by writing itself to data files (images, PDFs, docs) and hoping that the owner would transfer or upload these files somewhere? Like adding a payload to images and targeting some memory vulnerability in a common image viewer? Or would it be highly sophisticated and unlikely?

Are there any examples of such spreading mechanisms in the wild? How likely would that scenario be? In my understanding, to exploit some buffer overflow vulnerability, an evil file would need to be crafted manually. It would be a mechanism for a targeted attack and not a mass spreading one, right?

schroeder
aleks1265
This is the basic method for how viruses spread and has been the common method of spreading for decades. – schroeder Jan 23 '22 at 19:23

1 Answer


Not all malware is a virus, but infecting other files is the major distinction between a virus and other malware. Many people are sloppy and just call all malware viruses, but to be pedantic, this is incorrect.

In these days of ubiquitous multitasking, viruses are less common than other forms of malware that install themselves as standalone programs. It is a matter of speculation if this is because it is easier to do that or just less detectable. Is one more program running more or less obvious than a modified executable or modified document file? Or is getting a user to open a fake document file easier than modifying a real one?

The point of buffer overflow exploitation or any other method is to somehow execute code from an external source. Once that occurs, the code can exploit additional weaknesses to gain a permanent foothold in the system.

Most such exploits are targeted attacks -- but it may not be you personally that is targeted, but a specific bug in a specific widespread unpatched software application.

user10489
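
An added example, not part of the original question or answer: a defender-side structural check for the image case raised in the question, where a data file is modified after it was created. It walks a PNG's chunks, verifies declared lengths and CRCs, and flags bytes left after IEND; the function names are illustrative and the sample files are constructed in memory.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def check_png(blob: bytes) -> list[str]:
    """Return structural findings; an empty list means the container is well-formed."""
    if not blob.startswith(PNG_SIG):
        return ["not a PNG signature"]
    findings, pos, seen_iend = [], len(PNG_SIG), False
    while pos < len(blob) and not seen_iend:
        if pos + 8 > len(blob):
            findings.append(f"truncated chunk header at offset {pos}")
            break
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(blob):
            findings.append(f"chunk {ctype!r} declares {length} bytes, past end of file")
            break
        data = blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != zlib.crc32(ctype + data):
            findings.append(f"bad CRC in chunk {ctype!r} at offset {pos}")
        seen_iend = ctype == b"IEND"
        pos = end
    if seen_iend and pos < len(blob):
        findings.append(f"{len(blob) - pos} bytes of trailing data after IEND")
    elif not seen_iend and not findings:
        findings.append("missing IEND chunk")
    return findings

# Constructed sample: a 1x1 grayscale PNG built in memory.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
IDAT = zlib.compress(b"\x00\x00")  # filter byte + one pixel
CLEAN = PNG_SIG + make_chunk(b"IHDR", IHDR) + make_chunk(b"IDAT", IDAT) + make_chunk(b"IEND", b"")
# Constructed modified variants: bytes appended to the file, and an oversized length field.
APPENDED = CLEAN + b"constructed-extra-bytes"
OVERSIZED = PNG_SIG + struct.pack(">I", 0x7FFFFFFF) + b"IHDR" + IHDR

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("appended", APPENDED), ("oversized", OVERSIZED)]:
        print(name, check_png(blob) or "ok")
```

An empty result only means the container parses cleanly; it says nothing about whether the decoded pixel data is safe for a particular viewer.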