I am working on a project that will involve file upload to a server. I am interested in understanding what kinds of files virus writers currently tend to target. I am aware of the following threads:

  • How would you programmatically test a file for viruses ?
  • ensuring uploaded files are safe
  • How can I determine a file’s true extension/type programatically?
  • Server side virus scanning

But I am interested in general in finding out about common attack vectors.

Thanks,

Ian
A: 

exe is probably the most common

orthod0ks
+1  A: 

.exe and .scr are most common filetypes. Also, there are "tricks" with double extensions like readme.txt.scr or readme.doc.exe

Davorin
+3  A: 

All of them. There aren't any "safe" file types when a JPG image can infect you with a virus and you can even trick the browser to execute JavaScript in any file no matter its declared type.

But the biggest and most widespread danger doesn't even involve uploaded files - ANY text that is entered by users and displayed on your page is a potential vector of Cross-Site-Scripting attacks.

Michael Borgwardt
+2  A: 

I ran an "upload file" form for a little while and a few things I found:

  • All sorts of PHP scripts (shells, redirects, various "owned by $LAMER", you name it)
  • I think I had a few browser exploits (.html, .jpgs)
  • A bunch of files with the wrong extensions (i.e., PHP scripts with the extension .rar, hoping that the server's mime-type guesser did the wrong thing)
  • Zip files full of all of the above

Anyway, those are just a few things I found. Hope they are helpful.

David Wolever
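
An added example, not part of any answer above: a server-side check in Python for the patterns the answers report (double extensions, content that does not match the declared extension, script markers inside the file, and zip archives carrying the same). The allow-list, marker list, size limit and function name are assumptions chosen for illustration.

```python
import io
import posixpath
import zipfile

# Constructed allow-list: extension -> magic bytes the content must start with.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".rar": b"Rar!\x1a\x07",
    ".zip": b"PK\x03\x04",
}
RISKY_EXTS = {".exe", ".scr", ".php", ".html", ".js"}
SCRIPT_MARKERS = (b"<?php", b"<script")
MAX_MEMBER_SIZE = 10_000_000  # constructed limit for one archive member


def check_upload(name, data, depth=0):
    """Return a list of findings for one upload (an empty list means none)."""
    base = posixpath.basename(name.lower())
    exts = ["." + p for p in base.split(".")[1:]]
    if not exts or exts[-1] not in MAGIC:
        return [f"{name}: extension not on allow-list"]
    findings = []
    # Double extensions such as readme.doc.exe or shell.php.jpg
    if any(e in RISKY_EXTS for e in exts[:-1]):
        findings.append(f"{name}: risky inner extension")
    # The declared type must match the leading bytes of the content
    if not data.startswith(MAGIC[exts[-1]]):
        findings.append(f"{name}: content does not match {exts[-1]}")
    # Script markers anywhere in the content, whatever the extension
    if any(m in data.lower() for m in SCRIPT_MARKERS):
        findings.append(f"{name}: embedded script marker")
    # Zip archives: apply the same checks to every member
    if exts[-1] == ".zip" and zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= 2:
            return findings + [f"{name}: archive nesting too deep"]
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{name}/{info.filename}"
                if info.file_size > MAX_MEMBER_SIZE:
                    findings.append(f"{member}: member too large")
                    continue
                findings += check_upload(member, zf.read(info), depth + 1)
    return findings
```

A clean result only means none of these patterns matched; it narrows what gets stored and does not replace virus scanning or serving uploads from a location where they cannot execute.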