Gah! Need better anti-bug stuff

**Sevis** · 12-08-2009, 06:54

I've not got GIMP on me at the moment, so I'll test that later.

As I said - it's the hidden extension. In this case, on Unix, "test" is the name and "gif" the extension, while on Windows, "test.gif" is the name and "bat" the extension. The program is not parsed by whatever image viewer you have - it's sent right into cmd.exe, which will of course be quite dangerous. Would having the first example (in Unix, in a graphical environment), named "test.gif.sh", double-clicked, do anything else? I rather doubt it.

The problem, I would say, is file browsers sometimes hiding extensions, and users not doing anything about it. Checking the (entire) file for possibly dangerous strings and limiting the use of those would take quite a while and have no difference on the typical (used-as-intended) experience.

However, this post has gotten me curious as to how long it would take for 'cat /dev/urandom | grep "; rm -rf /;"' to give us something... Probably too long to wait, the chance per character is 256^-11 (=2^-88, which is around (10^-24)/256).

**Beirut** · 12-08-2009, 11:54

Originally Posted by Sevis

However, this post has gotten me curious as to how long it would take for 'cat /dev/urandom | grep "; rm -rf /;"' to give us something... Probably too long to wait, the chance per character is 256^-11 (=2^-88, which is around (10^-24)/256).

You know, the nerd in me needs a cigarette after reading posts like that.

Ah feel faint...

But you guys know your stuff. I DL-ed Avast and a few minutes later a little screen pops up and says "Dingwad! You have a rootkit messing with your rig." It even warned me I was being attacked. Wild little program.

A scan and a few clicks later and things are much better.

Thanks, y'all.