Home page logo
/

basics logo Security Basics mailing list archives

Re: RE: FAX a virus
From: anonymous () email com
Date: 7 Mar 2007 12:34:00 -0000

Craig, I feel sorry that in order for you to feel good about yourself you feel it necessary to slander others.

A bit off topic, my apologies to the rest of the list. Now back to the question:

Hi lists,
My FAX server allows me to receive faxes from my clients from Internet.
My clients send me some documents using their built-in Fax Printer on
their PC. My fax server routes the stuff to the document processing
applications. The document processing system extracts various data
fields from received portable document format files.
The whole scenario is windows environment and let's assume that virus
protection is temporarily off.

Now, I have a query:
Can anyone send a fax that includes a file infected with the virus/ worm

operates as a VBS script embedded within a PDF/TIF file to cause
infections to my computers/ to affect my FAX system?
What about other possibilities of "the bad guys" using some joiner (or
wrapper as some say) to bind malware (trojan server etc) with the pdf/
TIF files and fax it to me?
I would be very greatful to know what are the various possibilities.

Warm regards,
Alcides.

Since when does a virus have to essentially "root" a machine? This individual was and is soliciting this list for 
information regarding a piece of software running on a standard tcp/ip network accepting phone calls/faxes and passing 
them along to a database of some type.

I say 'some type' and 'piece of software' due to the lack of application names etc. provided from this user.

If the fax server in this case is accepting information from another fax machine via the internet who are you to say 
that faxing the individual an power point file with an embedded image or audio clip would not essentially 'crash' the 
fax server software due to its inability to handle exceptional conditions?

This may not be a typical virus/worm in the sense that it 'compromises' or 'obtains a shell' on the fax server but it 
provides a different attack vector in the form of a DOS.

Again this is hypothetical due to the information given and the inability of myself to test this theory, but due to 
limitations in the mime type checks of this type of software, this attack vector is entirely possible.

On another note, regarding my statement of 'remotely updating the firmware of a fax machine' how many linksys routers 
came shipped with a default password and configuration? Better yet, how many linksys, cisco et al. routers have you 
seen in your experience which allow remote updates to the firmware? We all know the standard fax machine connected to a 
typical RJ-11 jack would not accept or listen on a bound tftp port for remote firmware updates but what about new fax 
machines capable of accepting faxes over VOIP? Have you access to a device of this type? Have you attempted to test for 
open vulnerabilities on a device of this type if you had access?

From a developers perspective, I would not doubt the firmware updates to a device (fax machine which supports voip, 
ip, udp) would be done over a standard tftp connection.

With these things being said, perhaps someone will put these measures to the test.

Besides if this is a piece of software listening on the internet (which was clearly stated in the original question) 
there is an open port, and with an open port there are possibilities of remote compromise via several attack vectors 
common with any network software.

In any event, I would suggest to the original poster the following: Setup a machine outside of your network and install 
nmap and a packet generator and start throwing data at your fax server and see what gets returned. Without doing that 
all of your answers will be vague and generalized due to lack of information provided regarding the name of the fax 
software etc.

Hope that answers your question.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]