Full Disclosure mailing list archives

Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit

From: Christian Sciberras <uuf6429 () gmail com>
Date: Tue, 14 Aug 2012 00:02:10 +0200

I've got two concerns about this:


1. Either way you put it, I can't see how one can make a convincing
argument out of downloading a DLL file.
Asking laymen, they'd ask "what's a dll for? weren't updates done with
exe/msi/etc? why's it got that funny icon?"

2. I'm a bit curious about your choice of code, and why you commented out
exit(0); (what's the point anyway?)


Cheers,
Chris.




On Mon, Aug 13, 2012 at 7:19 PM, Gynvael Coldwind <gynvael () coldwind pl>wrote:

Well, what can I say - your write up is accurate.

Though last time I've seen it, around 5 years ago, it was still called
DLL spoofing and not DLL hijacking, and was one of the arguments why
"carpet bombing" (automatic download) in Safair/Chrome must be fixed
:)
E.g. http://gynvael.coldwind.pl/?id=55

--
gynvael.coldwind//vx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Matt Howard (Aug 13)
- Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Gynvael Coldwind (Aug 13)
  - Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Christian Sciberras (Aug 13)
    - Re: DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit Matt Howard (Aug 13)