e-Sword and Malware


3 replies to this topic

#1 jonathon

    e-Sword Fanatic

  • Contributors
  • 753 posts

Posted 04 September 2011 - 03:04 PM

All:

I've had experience with alleged e-Sword resources turning out to be vectors for malware infestation. I know of two other instances where the only way to clear the malware that was loaded from an alleged e-Sword resource was to reformat the drive, twice.

What I'm interested in learning is if "normal" users have:
* found e-Sword related email/tweets/etc to be a vector for phishing;
* run into malware issues from downloading actual or alleged e-Sword resources.

I'm especially interested in stories other than the malware that was on e-Sword-users.org last year. (I see that as a "drive by" attack. I'm more interested in where e-Sword resources are the vector of attack.)

jonathon

#2 LarryG

    Resource Builder

  • Members (T)
  • 389 posts

Posted 04 September 2011 - 06:55 PM

Yes Jonathon, from 'modules' that used to be posted on eSnips. This was over 5 years ago.

#3 Josh Bond

    Administrator

  • Administrators
  • 2,891 posts
  • Location: Gallatin, TN

Posted 04 September 2011 - 07:06 PM

I can see an Access database (eSword 8.x and prior modules) having a malicious macro that's triggered on a Windows OS. I can see a self installing exe being infected with something malicious. I cannot see a SQLite database (e-Sword 9x modules) itself being "infected" with something. I can see the database containing something bad possibly, but seems it would require e-Sword cooperation to do anything bad with it.

#4 jonathon

    e-Sword Fanatic

  • Contributors
  • 753 posts

Posted 05 September 2011 - 06:33 AM

> I can see a self installing exe being infected with something malicious.

My impression is that most of the malware exploits have been self-installing.

> I cannot see a SQLite database (e-Sword 9x modules) itself being "infected" with something

A binary blob in a database field can't do anything by itself. In theory, it can trigger a stack buffer overflow that can be exploited.

> but seems it would require e-Sword cooperation to do anything bad with it.

That brings up a vector I hadn't even considered.
Audio, video, or graphic images that contain malware.

jonathon
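
As an added example (not part of the thread and not e-Sword code), a triage script for the file types discussed above: it classifies a downloaded file by its leading bytes rather than its extension and, for a SQLite file, opens it read-only to list triggers, views and columns that hold binary blobs. The sample table `Verses`, the file name and the helper names are constructed for illustration and do not reflect the real e-Sword module schema.

```python
import pathlib
import sqlite3

SQLITE_MAGIC = b"SQLite format 3\x00"            # SQLite 3 database header
JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB"   # Access .mdb (Jet) header
PE_MAGIC = b"MZ"                                 # Windows executable / installer

def classify(path):
    """Classify a file by its leading bytes, ignoring the extension."""
    with open(path, "rb") as fh:
        head = fh.read(32)
    if head.startswith(SQLITE_MAGIC):
        return "sqlite"
    if head.startswith(JET_MAGIC):
        return "access"
    if head.startswith(PE_MAGIC):
        return "executable"
    return "unknown"

def quote_ident(name):
    """Quote a table or column name taken from the untrusted file."""
    return '"' + name.replace('"', '""') + '"'

def inspect_sqlite(path):
    """Open read-only; list triggers/views and columns that hold BLOB values."""
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        objects = con.execute("SELECT type, name FROM sqlite_master").fetchall()
        active = sorted(n for t, n in objects if t in ("trigger", "view"))
        blobs = []
        for table in (n for t, n in objects if t == "table"):
            for col in con.execute(f"PRAGMA table_info({quote_ident(table)})").fetchall():
                sql = f"SELECT 1 FROM {quote_ident(table)} WHERE typeof({quote_ident(col[1])})='blob' LIMIT 1"
                if con.execute(sql).fetchone():
                    blobs.append(f"{table}.{col[1]}")
        return {"triggers_views": active, "blob_columns": sorted(blobs)}
    finally:
        con.close()

def make_sample_module(directory):
    """Constructed sample: a small SQLite file with text and one BLOB value."""
    path = pathlib.Path(directory) / "sample_module.db"
    con = sqlite3.connect(str(path))
    con.execute("CREATE TABLE Verses (Book INT, Scripture TEXT, Extra)")
    con.execute("INSERT INTO Verses VALUES (1, 'In the beginning', ?)", (b"\x00\x01",))
    con.commit()
    con.close()
    return str(path)
```

A file that classifies as `executable` or `access` while being offered as a SQLite module is the mismatch worth stopping on before anything is opened or run.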


