[AccessD] (no subject)

Jim Lawrence accessd at shaw.ca
Fri Oct 7 12:01:34 CDT 2005


The whole issue of many of these viruses and Trojans is that they use a very
common issue with many programs written in C and C++. 

The process used to get control of the resident computer is to use a simple
script to first push an address onto the stack, which points back to the
hacker's program, and then flood the character buffer of some poorly written
application. The application crashes and Windows recovers by returning
through the stack... which points back to the hacker's code.

Both C and C++ are very simple languages. If you create a string variable
with a length of 50 characters, unlike other languages, if you attempt to push
a string of 65 characters into that string variable, it will accept it. What
happens to the other 15 characters?... well, they write off past the string
buffer, overwriting the end-of-string Null character and who knows what
else. (Anyone remember Fortran common blocks?) It is up to the C programmer
to ensure that this cannot happen by writing the appropriate code to check
string lengths and number sizes in their application.

In most cases, hackers are not working around holes left in applications but
are just taking advantage of poorly written code.

Jim        


-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Mark A Matte
Sent: Friday, October 07, 2005 7:07 AM
To: accessd at databaseadvisors.com
Subject: Re: [AccessD] (no subject)

I may be oversimplifying this...but the wording of the following snip 
caught my attention:  "The Hesive Trojan can be disguised as a Microsoft 
Access file. Once opened in Access, infected .mdb files take advantage of a 
five-month old buffer overflow flaw in Microsoft's Jet Database Engine 
software to seize control of vulnerable machines. "...

Would this actually be a virus 'disguised'...or is it just a database 
written to be a virus.  The article states that the virus takes advantage 
of the bug...AFTER you open it with Access...from what I know about 
Access...you don't need a bug...if you can get someone to open the db...it 
will run all of your code, good or bad, regardless.

I'm not sure what my point was...but something didn't seem entirely clear 
when I read that article...

Any feedback?

Thanks,

Mark A. Matte
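
Added example, not part of either message: the 50-character variable and 65-character string from Jim's reply, with the length check he says the C programmer has to write. The helper copy_checked and the test input are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 50  /* the 50-character string variable from the message */

/* Hypothetical helper (not from the thread): copy src into dst only when it
 * fits, terminator included. Returns 0 on success, otherwise the number of
 * bytes an unchecked copy would have written past the end of dst. */
size_t copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;       /* characters plus the NUL */
    if (need > dst_size) {
        if (dst_size > 0)
            dst[0] = '\0';               /* leave dst a valid empty string */
        return need - dst_size;
    }
    memcpy(dst, src, need);
    return 0;
}

/* Constructed input: n 'A' characters copied toward a 50-character variable.
 * Returns what copy_checked reports. */
size_t try_input(size_t n)
{
    char name[NAME_LEN + 1];             /* 50 characters + NUL */
    char input[128];
    if (n >= sizeof input)
        n = sizeof input - 1;
    memset(input, 'A', n);
    input[n] = '\0';
    /* strcpy(name, input) here would accept any n and, for n = 65,
     * overwrite the NUL slot and 15 bytes of whatever follows name. */
    return copy_checked(name, sizeof name, input);
}

int main(void)
{
    printf("50 chars: overflow %zu bytes\n", try_input(50));
    printf("65 chars: overflow %zu bytes\n", try_input(65));
    return 0;
}
```

A nonzero return is the point at which the application should reject the input instead of copying it.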



