Re: [Fed-Talk] Espionage in the 21st Century
- Subject: Re: [Fed-Talk] Espionage in the 21st Century
- From: Todd Heberlein <email@hidden>
- Date: Fri, 09 Dec 2011 11:05:29 -0800
On Dec 9, 2011, at 5:40 AM, William Cerniuk wrote:
> Second, wouldn't the hidden executable in non-executable file object feature of the AntiVirus software pick this anomaly up in the file type? It is pretty basic that a jpg should not carry with it any type of executable file.
I actually reverse this. The "Folder", "JPEG image" and "PDF file" you see on the flash drive are actually just applications.
I just set the application icons to what appear to be regular files or folders. This is the social engineering aspect of the attack I alluded to in the video. Another aspect is to give the file or folder name something that I think people would want to open. If I created a "folder" named "iPhone 5 designs", put it on a flash drive, and "accidentally" left the flash drive in the bathroom at an Apple conference, can you imagine how many people would click on that folder?
Buried inside the application are the actual folder, image, and PDF file. The application simply hands these off to the real Finder and Preview applications to open.
So, at a minimum, if you open a file on a flash drive someone gave you at a meeting, list the files in "list" mode first to make sure that it doesn't end with ".app".
Todd
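
The check described in the message above (make sure nothing on the drive ends with ".app") can be run over a whole mounted volume before anything is opened. This is an added example, not part of the original message; the function names, the document-extension list and the sample volume are constructed for illustration.

```python
import os
import plistlib
import tempfile

# Assumed list of extensions that a decoy document inside a bundle might carry.
DOC_EXTS = {".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx", ".txt"}

def inspect_bundle(path):
    """Describe one .app bundle: the label Finder shows, what runs, what is buried inside."""
    shown = os.path.basename(path)[:-len(".app")]  # label when extensions are hidden
    info = {}
    try:
        with open(os.path.join(path, "Contents", "Info.plist"), "rb") as fh:
            loaded = plistlib.load(fh)
        info = loaded if isinstance(loaded, dict) else {}
    except Exception:
        pass  # missing or malformed Info.plist: still report the bundle
    embedded = []
    for dirpath, _dirs, files in os.walk(path):
        embedded += [os.path.relpath(os.path.join(dirpath, f), path)
                     for f in files if os.path.splitext(f)[1].lower() in DOC_EXTS]
    return {"path": path, "shown_as": shown,
            "executable": info.get("CFBundleExecutable"),
            "custom_icon": info.get("CFBundleIconFile"),
            "embedded_documents": sorted(embedded)}

def find_app_bundles(root):
    """Return a report for every directory under root whose name ends in .app."""
    reports = []
    for dirpath, dirs, _files in os.walk(root):
        for d in list(dirs):
            if d.lower().endswith(".app"):
                reports.append(inspect_bundle(os.path.join(dirpath, d)))
                dirs.remove(d)  # a bundle is one item; do not descend into it
    return sorted(reports, key=lambda r: r["path"])

def build_sample_volume():
    """Constructed sample: one ordinary file and one empty bundle named like a folder."""
    root = tempfile.mkdtemp()
    open(os.path.join(root, "agenda.pdf"), "wb").close()
    contents = os.path.join(root, "Meeting notes.app", "Contents")
    os.makedirs(os.path.join(contents, "Resources", "notes"))
    with open(os.path.join(contents, "Info.plist"), "wb") as fh:
        plistlib.dump({"CFBundleExecutable": "launcher",
                       "CFBundleIconFile": "folder.icns"}, fh)
    open(os.path.join(contents, "Resources", "notes", "slides.pdf"), "wb").close()
    return root

if __name__ == "__main__":
    for report in find_app_bundles(build_sample_volume()):
        print(report)
```

A bundle whose `shown_as` label reads like a folder or document name and which also carries `embedded_documents` matches the layout described in the message; point `find_app_bundles` at the volume's mount path to check a real drive.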