walker17x

notepad exploit protection ?


Hi !

 

I know that there are some malware and exploits that use notepad, but I don't see a notepad protection in Malwarebytes Anti-Exploit.

 

Will this feature come in the future?


I know of no malware that exploits NOTEPAD.EXE.  It is nothing but an ASCII text editor.

 

It is not an application like Firefox or Adobe Reader.  It is just a simple utility.


Thanks for posting Walker.

 

We normally include protection in MBAE Free for commonly attacked applications in the wild. If you have any references to exploit attacks on notepad please post them here or send them to me via PM and we can study them more in-depth.

 

In the meantime with MBAE Premium you can add custom shields for just about any application, notepad.exe included.


Keyloggers don't care about what application is used.  They just track user input.  On the other hand as a utility, NOTEPAD.EXE is not used to the same degree as a Browser or a Word Processor so Malicious Actors can ignore NOTEPAD as being an unworthy target for them to monitor.

 

When one talks about an "exploit" there are two basic kinds.

 

*  Exploiting a software vulnerability to gain elevated privileges to effect a compromise

 

*  Taking advantage of a capability to use in their benefit in an unexpected or unanticipated way.

 

As an example of the first case I'll use the Lovsan/Blaster worm.  It exploited a software vulnerability in the Operating System RPCSS/DCOM which uses TCP port 135.  The Lovsan/Blaster worm would send a specific set or string of characters to TCP port 135 to create a "buffer overflow with an elevation of privileges" condition where if successful, the worm would create a BLASTER.EXE on the target system and then execute it.  Once the PC was infected it would seek new hosts and the Lovsan/Blaster worm would spread exponentially.

 

As an example of the second case I'll use the Wimad trojan.  The Wimad trojan takes advantage of the Digital Rights Management (DRM) incorporated in media files such as MP3, WMV and other music and video files.  By taking advantage of the DRM, it would be used in combination with Social Engineering and one's desire for "free music" or a "free movie" to cause the person to download and run some malicious program.

 

When we talk about a Browser and exploitation there are many vectors to take advantage of.  It could be JavaScript, a Flash File (SWF), a PDF file or a web page using PHP and/or HTML.  When the Browser renders the content there are multiple layers and interaction of software from different vendors.  Thus these are the avenues most often used as a path to Exploitation.

 

In the case of NOTEPAD.EXE it doesn't really do anything.  It strips non-ASCII and removes Rich Text Formatting.  Thus it has an extremely low potential for the vulnerability/exploitation action.  It is possible that a "bug" could exist in the EXE file that could be taken advantage of but due to its simplicity and its low use it is at the bottom of the list to be exploited.

 

NOTE:  Social Engineering is the Human Exploit !


It is nothing but a simple example.

 

If your comment is that the example should be more realistic and "real world" as to something that would be an exploitable target, such as Internet Explorer, then that would be valuable feedback.


Yes Sir, noting that most people learn by example, and the example could imply that notepad.exe would be a selection for protection.


Sounds like a good idea, we'll change that to use a more realistic example such as Skype, IM, etc.
