10
Part 2
In this part, you will find general concepts of software misuse. In addition, there
are other topics, results and possible implementation of my theories and
research in the field of malicious code and general computer security.
In this book, the assumption was that malware has administrative privileges in
the affected system. This is the default configuration of Windows XP and very
close to the most installations of that operating system over the world (otherwise,
many viruses and worms will not spread).
2.1 ArchiVirus
This is the example of how intended functionality of WinRar Self-Extracting
archives (SFX) can be misused for bad purposes (other archive software that
includes SFX functionality also can be misused in a similar way). The problem is
the scripting functionality of SFX archives that can do “pre” and “post” execution
and other tasks as you will see later. The unsuspicious user opens the SFX
archive that can perform malicious actions in the background.
Below are the sample pictures of creating such SFX archive.
 |
 |
 |