malware – How to verify there is no malicious code in an opensource library?

You’ll need to go through the source code and decide for yourself whether it’s safe for your use or not. If you deem it safe, you can compile the code yourself and deploy it (as the already compiled code might be different from the source code).

How can I monitor it through some logs (e.g. an access log for incoming connections)? I would like to monitor outbound transfers and what data has been transferred.

There are different tools to do that. If you want to block the connections, you can use a firewall.

But if you want to monitor the traffic, you can use tools like Wireshark to capture the packets and see what’s incoming and what’s outgoing.

And as pointed out in the comments by @Steffen, the licence does not guarantee any kind of bug-free or malice-free code. What is a bug or an undesired feature for you might be a necessary feature for someone else.
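One concrete way to do the monitoring the answer describes, as an added example that is not part of the original answer: run the library’s process as a dedicated user, have a netfilter rule log every NEW outbound connection from that user, and alert on any destination that is not on an allowlist. The user name "appuser", the allowlist and the kernel log lines below are all constructed for the example; the log lines are shaped like the output of the iptables LOG target.

```shell
#!/bin/sh
# Added example, not from the original answer. It assumes the library's
# process runs as a dedicated user ("appuser", an assumption) and that
# outbound NEW connections from that user are logged by a rule such as:
#   iptables -A OUTPUT -m owner --uid-owner appuser \
#            -m conntrack --ctstate NEW -j LOG --log-prefix "APP-OUT "
# The kernel log lines below are constructed to look like that rule's output.

sample_kernel_log() {
cat <<'EOF'
Oct 10 13:55:36 host kernel: APP-OUT IN= OUT=eth0 SRC=10.0.0.5 DST=10.0.0.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51234 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 10 13:55:40 host kernel: APP-OUT IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=51236 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 10 13:55:41 host kernel: APP-OUT IN= OUT=eth0 SRC=10.0.0.5 DST=10.0.0.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=40001 DPT=53 LEN=40
Oct 10 13:55:45 host kernel: APP-OUT IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.77 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=51240 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# Allowlist of destinations the application is expected to talk to, as
# "DST:PROTO:DPT" entries (constructed: its database and its DNS resolver).
ALLOWED="10.0.0.20:TCP:5432 10.0.0.53:UDP:53"

# unexpected_destinations: read kernel log lines on stdin and print
# "DST PROTO DPT" for every logged NEW connection that is not allowlisted,
# each destination once.
unexpected_destinations() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /APP-OUT/ {
            dst = ""; proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/)   dst   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            key = dst ":" proto ":" dpt
            if (!(key in ok) && !seen[key]++) print dst, proto, dpt
        }'
}

# count_unexpected: number of distinct unexpected destinations in the sample
count_unexpected() {
    sample_kernel_log | unexpected_destinations | wc -l | tr -d ' '
}

sample_kernel_log | unexpected_destinations
```

In production the input would be `journalctl -k -f` or `/var/log/kern.log` rather than the constructed function, and the same rule with `-j REJECT` instead of `-j LOG` turns the alert into the block the answer mentions. Logging only NEW connections keeps the volume manageable; the packet capture the answer suggests (Wireshark or tcpdump) is still the way to see what data was sent once a destination looks wrong.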

php – How to verify there is no malicious code in an opensource library?

I am planning to use an open-source library in my project instead of developing from scratch. How can I verify there is no malicious code in the library, or that someone cannot access my files? Currently Visual Studio Code has also implemented Workspace Trust, and some extensions are disabled even though the extensions are licensed by a trusted source. So I would like to know: are all open-source libraries getting a licence only after the libraries are properly verified? If yes, please leave this question.

Simply, if I run some code and some other code runs in the background which is not in my favour, how can I get alerts? Or if I call some function, is there any possibility that it posts data to a different server? If yes, how can I monitor it?

malware – Is it possible for a compressed file to contain malicious code?

A compressed archive could of course contain arbitrary files inside, including malware. But in this case unpacking and explicitly executing the file would be needed.

But bugs in the archive program (i.e. WinRAR in your case) could cause code execution simply by trying to open an archive, if the archive was specifically prepared to exploit the security issue. Such bugs actually happen, see Nasty code-execution bug in WinRAR threatened millions of users for 14 years.

And code execution could then do anything, including contacting a remote server to reveal your IP address, or encrypting all your files on the system and demanding a ransom, which is likely worse than just exposing your IP address.

json – The Blacklist: Blocking Malicious domains using Bash

I’ve made this script to automate blocking some deviant hosts on my router, and was curious whether there’s much else that can be done to make it quicker and more efficient.

Presently I’m restricted to using packages available from the Entware repository and the latest BusyBox/ash shell environment. So, for example, I can’t use commands like sort -S 25% --parallel=4 -u adblock.sources (though I found awk/gawk to be faster and more memory-efficient anyway).

Any help is greatly appreciated!

# Fetch the list of blocklist sources (a JSON object keyed by list name)
curl -GOs https://raw.githubusercontent.com/T145/packages/master/net/adblock/files/adblock.sources

# 'keys[]' emits one key per line ('keys()' is not valid jq)
for key in $(jq -r 'keys[]' adblock.sources); do
        case $key in
        gaming | osid_basic )
                # Ignore these lists
                ;;
        * )
                # Look the key up with --arg so list names containing '-' or '.' work
                url=$(jq -r --arg k "$key" '.[$k].url' adblock.sources)
                rule=$(jq -r --arg k "$key" '.[$k].rule' adblock.sources)

                case $url in
                *.tar.gz )
                        # -f: do not append an HTTP error page to the list on failure
                        curl -fs "$url" |
                        tar -xOzf - |
                        gawk "$rule" |
                        tr -d '\r' |                 # strip carriage returns from CRLF lists
                        sed 's/^/0.0.0.0 /' >> the_blacklist.temp.txt
                        ;;
                * )
                        curl -fs "$url" |
                        gawk "$rule" |
                        tr -d '\r' |
                        sed 's/^/0.0.0.0 /' >> the_blacklist.temp.txt
                        ;;
                esac

                unset url
                unset rule
                ;;
        esac
done

# Filter duplicate hosts (awk array subscripts use [], not ())
gawk '!a[$0]++' the_blacklist.temp.txt > the_blacklist.txt

rm the_blacklist.temp.txt
rm adblock.sources
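The normalisation step of the script above, as an added example that is not the poster’s code: it strips carriage returns (rather than every letter r, which a `sed "s/r//g"` would do), drops comments and blank lines, accepts both hosts-format lines and bare domains, lowercases, filters the localhost entries that appear in many upstream lists, and deduplicates. It runs offline on a constructed sample and assumes only POSIX sh, tr and awk, which BusyBox provides.

```shell
#!/bin/sh
# Added example, not the poster's script: normalise a raw blocklist into
# unique "0.0.0.0 host" lines. Assumes POSIX sh, tr and awk (BusyBox-compatible).

# Constructed sample input: CRLF line endings, a comment, a hosts-format line,
# a trailing comment, a blank line, a duplicate in different case, and
# a localhost entry that must not end up in the blacklist.
sample_input() {
    printf '%s\r\n' \
        '# comment line' \
        '0.0.0.0 ads.example.com' \
        '127.0.0.1 tracker.example.net   # trailing comment' \
        '' \
        'Ads.Example.com' \
        'localhost' \
        'bad.example.org'
}

# normalize_hosts: read a raw list on stdin, emit unique "0.0.0.0 host" lines.
normalize_hosts() {
    tr -d '\r' | awk '
        { sub(/#.*/, "") }                        # strip comments (re-splits fields)
        NF == 0 { next }                          # skip blank lines
        {
            # hosts format ("ip host") or a bare domain per line
            if ($1 ~ /^[0-9.:]+$/ && NF >= 2) host = $2; else host = $1
            host = tolower(host)
        }
        host == "localhost" || host == "localhost.localdomain" { next }
        !seen[host]++ { print "0.0.0.0 " host }   # first occurrence only
    '
}

# count_entries: number of blocked hosts produced from the sample
count_entries() {
    sample_input | normalize_hosts | wc -l | tr -d ' '
}

sample_input | normalize_hosts
```

Because the filter is a single awk pass, the per-list `gawk "$rule" | sed | sed` chain and the final dedup pass can be folded into it, which is where most of the remaining speedup lies on a BusyBox router.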

linux – Malicious request in log

I am receiving malicious requests, therefore I seek your help. I log the page URLs visited, and some of them are like http://example.com/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>, some are like http://example.com/?XDEBUG_SESSION_START=phpstorm, and one more is like http://example.com/index.php?s=/Index/thinkapp/invokefunction&function=call_user_func_array&var. What are these users trying to do, and how should I improve the security and take precautions?

The IP of the attacker is 45.146.164.125; I checked, and it is from Russia.
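The three request shapes quoted in the question are the signatures mass scanners use to probe for ThinkPHP/ThinkCMF remote code execution (the `invokefunction&function=call_user_func_array` and `a=fetch&content=<php>` forms) and for an exposed Xdebug listener (`XDEBUG_SESSION_START=`). As an added example that is not part of the question, the script below matches those signatures against access-log lines and lists the source IPs, so the precaution can be automated rather than read out of the log by hand. The log lines are constructed in combined log format, with documentation IP addresses rather than the one from the question.

```shell
#!/bin/sh
# Added example, not from the original post: flag the scanner probes quoted
# in the question in an access log. Assumes POSIX sh and awk; the log lines
# are constructed (combined log format, documentation IPs).

sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1" 404 169 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php?s=/Index/thinkapp/invokefunction&function=call_user_func_array HTTP/1.1" 404 169 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:57:12 +0000] "GET /products?page=2 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
EOF
}

# flag_probes: read access-log lines on stdin, print "ip<TAB>label" for each
# request whose path matches one of the probe signatures. In combined log
# format the request path is the 7th whitespace-separated field.
flag_probes() {
    awk '
        {
            path = $7
            label = ""
            if (path ~ /invokefunction&function=call_user_func_array/) label = "thinkphp-invokefunction"
            else if (path ~ /a=fetch&content=<php>/)                   label = "thinkphp-fetch-template"
            else if (path ~ /XDEBUG_SESSION_START=/)                     label = "xdebug-probe"
            if (label != "") print $1 "\t" label
        }'
}

# count_flagged: number of flagged requests in the sample
count_flagged() {
    sample_log | flag_probes | wc -l | tr -d ' '
}

# flagged_ips: unique source IPs, space-separated, as input for a block rule
flagged_ips() {
    sample_log | flag_probes | cut -f1 | sort -u | tr '\n' ' ' | sed 's/ $//'
}

sample_log | flag_probes
```

The output of `flagged_ips` is what a fail2ban jail or a firewall drop rule would consume; the more important precaution is that none of these probes can succeed on an application that does not run ThinkPHP/ThinkCMF and does not expose Xdebug, so the real check is to confirm neither is deployed, and to keep the framework patched if it is.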

Which remote desktop protocol to choose for a potentially malicious server (linux)

I am trying to “outsource” potentially dangerous applications such as web browsing to a separate Linux machine sitting in its own network segment, which is isolated by a rigorous network firewall from our internal network; thus I am trying to build a “remote-controlled browser”. Since I am in the early planning phase, I wonder which remote protocol is the best choice for remote access to such a machine. I have to deal with a potentially malicious server and I want to protect the client (Windows or Linux) which accesses it.

Which remote control protocol would you recommend for a small attack surface? I can think at the moment of

  • RDP
  • VNC
  • SPICE (from the proxmox hypervisor)
  • NX (Nomachine)
  • X2GO
  • XPRA via HTML5

It is clear that the more lightweight a protocol is, the more suitable it is. However, I would prefer to also be able to stream video and audio over it (which might rule out some protocols).

malware – VBA code in malicious word document not visible in VBE editor

I have received a malicious Word document as an attachment and, out of curiosity, opened it with macros disabled to inspect the code. But surprisingly, there’s no code visible in the VBE editor. When I open the macros dialog box with Alt + F8, I can see three macros, but when I click the Edit button I get the response “sub or function not defined”. Below is the link to the malicious Word file and some screenshots. Hoping somebody has the answer to my curiosity as to how they are hiding the code.

Malicious Word File Screenshot
VBE Editor Screenshot

Malicious Word File Link

malware – How high is the risk that a malicious font file infects a Linux system?

Font files contain executable code, which is needed for the hinting mechanism. If these code blocks contain malware, it is known that Windows machines can be infected (see links below). Are there any reports that a Linux machine can be infected via a font? How high should this risk be assessed? Can this risk be ruled out if a computer with a non-standard architecture is used (Raspberry Pi), as it is extremely unlikely that font malware has been written for it? Are any of the available Linux anti-malware tools capable of detecting malicious code inside a font (TTF or OTF) file?

— Links —

(1) https://googleprojectzero.blogspot.com/2015/07/one-font-vulnerability-to-rule-them-all.html

(2) How to detect suspicious content in a TrueType Font (.ttf) font file

(3) https://superuser.com/questions/1202551/can-truetype-fonts-contain-malicious-code
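The hinting code the question refers to lives in specific tables of the sfnt container: fpgm (the font program), prep (the control value program) and, per glyph, the instruction stream inside glyf. As an added example that is not part of the question or of the linked posts, the script below parses a font’s table directory with od and awk and reports the sizes of those tables, which is the first triage step before handing a suspicious font to a rasteriser or a sandbox. The font bytes are constructed here and are not a real font; every hinted font carries these tables, so their presence alone is not an indicator, only their unusual size or their presence in a font that claims to be unhinted.

```shell
#!/bin/sh
# Added example, not from the question or the linked articles: list the sfnt
# table directory of a TrueType/OpenType font and report the tables that
# carry TrueType instructions. Assumes POSIX sh, od and awk.

# make_sample_font: constructed sfnt header plus three table records.
# This is not a real font; only the directory is present.
make_sample_font() {
    # header: version 0x00010000, numTables=3, searchRange=32, entrySelector=1, rangeShift=16
    printf '\000\001\000\000\000\003\000\040\000\001\000\020'
    # records: tag(4) checksum(4) offset(4) length(4), big-endian
    printf 'fpgm\000\000\000\000\000\000\000\074\000\000\000\010'   # offset 60, length 8
    printf 'head\000\000\000\000\000\000\000\104\000\000\000\066'   # offset 68, length 54
    printf 'prep\000\000\000\000\000\000\000\172\000\000\000\004'   # offset 122, length 4
}

# list_tables: read a font on stdin, print "tag offset length" per table.
list_tables() {
    od -An -v -tu1 | awk '
        { for (i = 1; i <= NF; i++) b[n++] = $i }   # collect every byte as a number
        END {
            num = b[4] * 256 + b[5]                   # uint16 numTables at offset 4
            for (t = 0; t < num; t++) {
                r = 12 + t * 16                       # records start after the 12-byte header
                tag = sprintf("%c%c%c%c", b[r], b[r+1], b[r+2], b[r+3])
                off = ((b[r+8]*256 + b[r+9])*256 + b[r+10])*256 + b[r+11]
                len = ((b[r+12]*256 + b[r+13])*256 + b[r+14])*256 + b[r+15]
                print tag, off, len
            }
        }'
}

# instruction_tables: "tag:length" for the tables that hold TrueType bytecode
# (fpgm and prep are whole programs; glyf holds per-glyph instruction streams).
instruction_tables() {
    list_tables | awk '$1 == "fpgm" || $1 == "prep" || $1 == "glyf" { printf "%s:%d ", $1, $3 }' | sed 's/ $//'
}

make_sample_font | list_tables
```

Run it on a real file with `list_tables < font.ttf`; a font that is supposed to be unhinted yet carries a large fpgm or prep is worth a closer look, and reading the directory with od rather than a font library keeps the parsing away from the code path an attacker would target.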