Free Republic
Browse · Search
General/Chat
Topics · Post Article


DLL Hijacking Issue Plagues Products like Firefox, Chrome, iTunes, OpenOffice
SOFTPEDIA | Feb 8, 2016 12:00 GMT | Catalin Cimpanu

Posted on 02/08/2016 6:41:43 PM PST by Utilizer

Oracle has released new Java installers to fix a well-known security issue (CVE-2016-0603) that also affects a plethora of other applications, from Web browsers to antivirus products, and from file compressors to home cinema software.

The problem is called DLL hijacking (or DLL side-loading) and refers to the fact that malware authors can place DLLs of the same name in specific locations on the target's filesystem and have it inadvertently load the malicious DLL instead of the safe one.

DLL hijacking is a very well-known issue

This type of attack is very old and has been known to many software vendors, and especially to malware authors, who sometimes prefer it because it allows them to hijack legitimate applications and not to rely on convincing users to double-click and execute their own malicious binary.

If you've been keeping an eye on infosec sites like Packet Storm, SecLists, or Security Focus, German security researcher Stefan Kanthak has been quite busy testing the installers of various software products against this vulnerability.

Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes.

(Excerpt) Read more at news.softpedia.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: computers; computing; hacking; internet; java; malware; security
Seems to be quite widespread in effects...
1 posted on 02/08/2016 6:41:43 PM PST by Utilizer
[ Post Reply | Private Reply | View Replies]

To: Utilizer

you can set your build to compile the library in, therefore not loading the DLL.

or you can load the instance yourself specifically, thereby avoiding any DLL that might be in memory

personally, i prefer the first method


2 posted on 02/08/2016 6:47:29 PM PST by sten (fighting tyranny never goes out of style)
[ Post Reply | Private Reply | To 1 | View Replies]
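
Added example, not part of the thread or of the Softpedia article: a Python model of the name-based lookup the excerpt describes, next to the fixed-location load suggested in post 2. The folder layout and the name example.dll are constructed, and the only loader behaviour assumed is that the application's own directory is searched before the system directory.

```python
import os
import tempfile

def resolve(dll_name, search_dirs):
    """Return the first case-insensitive match for dll_name in search_dirs, or None."""
    wanted = dll_name.lower()
    for directory in search_dirs:
        try:
            entries = os.listdir(directory)
        except OSError:
            continue  # a missing or unreadable directory is skipped
        for entry in entries:
            if entry.lower() == wanted:
                return os.path.join(directory, entry)
    return None

def find_shadowing(app_dir, system_dir):
    """List DLLs in app_dir that share a name with a file in system_dir."""
    system_names = {name.lower() for name in os.listdir(system_dir)}
    return sorted(name for name in os.listdir(app_dir)
                  if name.lower().endswith(".dll") and name.lower() in system_names)

def demo():
    # Constructed layout: stand-ins for System32 and a Downloads folder that
    # holds an installer plus a stray file named like a system library.
    root = tempfile.mkdtemp()
    system32 = os.path.join(root, "System32")
    downloads = os.path.join(root, "Downloads")
    os.makedirs(system32)
    os.makedirs(downloads)
    for path in (os.path.join(system32, "example.dll"),
                 os.path.join(downloads, "setup.exe"),
                 os.path.join(downloads, "EXAMPLE.dll")):
        open(path, "w").close()
    return {
        # Default order: the application's own directory is searched first.
        "default": resolve("example.dll", [downloads, system32]),
        # Fixed location: only the system directory is consulted.
        "pinned": resolve("example.dll", [system32]),
        "shadowing": find_shadowing(downloads, system32),
        "downloads": downloads,
        "system32": system32,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Pointing find_shadowing at the folder an installer will run from, before running it, lists the files that would be picked up in place of the system copies.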

To: Utilizer

What can we computer idiots running Chrome do to avoid problems?


3 posted on 02/08/2016 6:56:07 PM PST by PROCON (Proud CRUZader!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: sten
I HATE when threads get hijacked !

Grrrr......makes me so mad.

Wait, what is this article about ?

4 posted on 02/08/2016 6:56:22 PM PST by onona (Where are you tonight, my sweet Marie)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Utilizer

I thought that’s what the registry was for?


5 posted on 02/08/2016 6:56:58 PM PST by E. Pluribus Unum ("The goal of socialism is communism... Hatred is the basis of communism" --Vladimir Lenin)
[ Post Reply | Private Reply | To 1 | View Replies]

To: PROCON

In a nutshell, only download install programs from trusted sources such as sourceforge.net, and adobe, microsoft, google and known Linux Stable sites (among others).

MAKE BACKUPS.


6 posted on 02/08/2016 7:00:50 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)
[ Post Reply | Private Reply | To 3 | View Replies]

To: E. Pluribus Unum

Not the same thing.


7 posted on 02/08/2016 7:01:41 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Utilizer
https://www.java.com/en/download/manual.jsp
8 posted on 02/08/2016 7:06:18 PM PST by TChad (The left's accusations are usually self-descriptions.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Utilizer

M$ uses DLLs to hijack your PC.


9 posted on 02/08/2016 7:11:35 PM PST by Paladin2 (w)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paladin2
M$ uses DLLs to hijack your PC.

Then just delete all the DLLs. Problem solved.

10 posted on 02/08/2016 7:12:51 PM PST by tacticalogic ("Oh bother!" said Pooh, as he chambered his last round.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Utilizer

Linux doesn’t use DLLs. The equivalent in Linux/Unix are .os libraries. Which version gets loaded may depend on what is hardcoded in the executable, or it may search the LD_LIBRARY_PATH environment variable.


11 posted on 02/08/2016 7:16:46 PM PST by proxy_user
[ Post Reply | Private Reply | To 6 | View Replies]
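
Added example, not part of the thread: a Python check of an LD_LIBRARY_PATH value for the entries that make the lookup described in post 11 hijackable. The directories and the sample value are constructed; the rule that a zero-length entry stands for the current directory is glibc's documented behaviour.

```python
import os
import re
import stat
import tempfile

def audit_library_path(value, cwd="."):
    """Return (entry, reason) pairs for risky entries in an LD_LIBRARY_PATH value."""
    findings = []
    if not value:
        return findings  # unset or empty: no extra directories are searched
    for entry in re.split(r"[:;]", value):
        if entry == "":
            # A zero-length entry (leading, trailing or doubled separator)
            # stands for the current working directory.
            findings.append((entry, "empty entry means the current directory"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative path"))
        path = os.path.join(cwd, entry)  # join() keeps absolute entries as-is
        try:
            mode = os.stat(path).st_mode
        except OSError:
            findings.append((entry, "directory does not exist"))
            continue
        if mode & stat.S_IWOTH:
            findings.append((entry, "world-writable directory"))
    return findings

def demo():
    # Constructed sample: one ordinary directory, one world-writable directory,
    # a doubled colon and a relative entry that does not exist.
    root = tempfile.mkdtemp()
    safe = os.path.join(root, "lib")
    shared = os.path.join(root, "shared")
    os.mkdir(safe)
    os.chmod(safe, 0o755)
    os.mkdir(shared)
    os.chmod(shared, 0o777)
    return audit_library_path(f"{safe}::{shared}:plugins", cwd=root)

if __name__ == "__main__":
    for entry, reason in demo():
        print(repr(entry), "->", reason)
```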

To: Paladin2

The ‘doze platform uses many .dll files in its programs. It does not need simply those to access a PC but at least before Win10 you could block access. Not the same .dll ‘s that are used in the applications mentioned.


12 posted on 02/08/2016 7:23:43 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)
[ Post Reply | Private Reply | To 9 | View Replies]

To: proxy_user

No kidding. Unless you use something like WINE which does indeed use them.


13 posted on 02/08/2016 7:24:38 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Utilizer

How hard is it to separate the core OS and applications from the damn internet? No web browser should be allowed to touch the OS root directory of program directory. I don’t care if that means the end of browser mods.


14 posted on 02/08/2016 7:52:16 PM PST by rmlew ("Mosques are our barracks, minarets our bayonets, domes our helmets, the believers our soldiers.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: rmlew

Not sure if you meant to reply to this thread actually, but here:

http://freerepublic.com/focus/f-chat/3394418/posts

is one more applicable to your comment, should you care to join in.


15 posted on 02/08/2016 8:06:41 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)
[ Post Reply | Private Reply | To 14 | View Replies]

To: PROCON

Make sure to check frequently for updates and security fixes. There will always be computer vulnerabilities. You just have to stay on top of it. Don’t go to dodgy websites. Don’t load programs from questionable sources. Make sure your computer patches are up to date. Ad blockers can also prevent infected ads from loading malware on your computer.


16 posted on 02/08/2016 8:11:41 PM PST by r_barton (We the People of the United States...)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Utilizer

I thought the registry registered DLLs with strong names so DLLs with the same short names wouldn’t get intermixed.


17 posted on 02/08/2016 8:13:35 PM PST by E. Pluribus Unum ("The goal of socialism is communism... Hatred is the basis of communism" --Vladimir Lenin)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Utilizer

The company I work at recently had a network server get infected with ransomware. Here is part of the letter from the crooks.


What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.

More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private.

!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.

Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.

If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:


18 posted on 02/08/2016 8:17:32 PM PST by minnesota_bound
[ Post Reply | Private Reply | To 1 | View Replies]

To: r_barton
Make sure to check frequently for updates and security fixes.

When you say that, do you mean for my Windows 8.1 operating system or my Chrome browser?

19 posted on 02/08/2016 8:27:02 PM PST by PROCON (Proud CRUZader!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: PROCON

All of them. Keep Windows patches up to date. Keep individual software packages up to date. Each can have separate vulnerabilities.


20 posted on 02/08/2016 8:29:30 PM PST by r_barton (We the People of the United States...)
[ Post Reply | Private Reply | To 19 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson