[WEB SECURITY] Infected Dropbox and DoS in online interpreters

MustLive mustlive at websecurity.com.ua
Fri May 24 13:36:10 EDT 2013

Hello participants of Mailing List.

This month I've wrote new articles. And I'll tell you briefly about two my
articles concerning infected Dropbox and DoS in online interpreters. These
topics should be interesting for you (especially for those, who haven't read
them before).

1. Infected Dropbox.

In this article I've told about malware at Dropbox and using of Dropbox (and
any other file hosting and file synchronization service, especially cloud
service) for spreading malware. In previous years I wrote multiple times
about infections at famous sites. If URL shorteners, such as TinyURL, and
social networks, such as VKontakte, already for long time are using for
spreading malware (I wrote about cases of found malware at these sites by
Google), then file hostings also can be used for these purposes. And in May 
I've found such situation at Dropbox.

In case of TinyURL malware can be placed as at tinyurl.com web site itself
(in 2009 I wrote about multiple vulnerabilities at this site which can be
used for such attack and there are other URL shorteners with similar holes,
and in the same year I wrote about XSS vulnerabilities in multiple browsers
which can be used to conduct such attacks via redirectors, but lame
developers of the browsers ignored to fix such holes).

In case of Dropbox the attack is going through placing malicious files at
servers of the service. According to Google, the malware at dropbox.com (and
other subdomains with infection) was found at the day of writing this
article and these were thousands of trojans, viruses and exploits. Hundreds
of web sites were infected with files from Dropbox. Such usage of this
service makes it cloud hosting for malware.

2. DoS in online interpreters.

In this article I've told about DoS vulnerabilities in online interpreters.
In 2010 I wrote about Cross-Language Scripting
(http://websecurity.com.ua/4247/) - XSS vulnerabilities in online
interpreters, and this time I'd tell about DoS vulnerabilities. They concern
with string operations in interpreters, which allow to fill all available
memory of the server.

Denial of Service vulnerabilities I've found in two interpreters: in 2009 in
MustLive Perl Pascal Programs Interpreter (from first version in 2006 I've
made it protected against DoS attacks, but after three years I found
multiple ways to bypass this protection, which I fixed) and in 2012 in
TryRuby (after my informing about multiple DoS vectors, the developers added
some protection). Since this interpreter uses JRuby Sandbox, then DoS also
concerns this software. In both found cases, these were DoS attacks via
resource consumption (particularly server's RAM). According to
Classification of DoS vulnerabilities in web applications
(http://websecurity.com.ua/2663/) - this is Overload DoS.

Best wishes & regards,
Administrator of Websecurity web site

More information about the websecurity mailing list