Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Dangers of copy&paste - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Dangers of copy&paste

One of our readers, Bill, wrote in to let us know about a pretty dangerous batch script that was posted on a web site that he visited. The script is supposed to help users get rid of print jobs which are still in the spooler, but a couple of obvious errors were done. I am pasting the original, as it was on the web site below (of course, do not run this):

@echo off
echo Stopping print spooler.
echo.
net stop spooler
echo deleting stuff... where? I'm not sure. Just deleting stuff.
echo.
FOR %%A IN (%systemroot%  system32  spool  printers     *.*) DO DEL %%A
echo Starting print spooler.
echo.
net start spooler

The script is, as you can see, very simple – all it does is stop the printer spooler (the spooler service) and then it is supposed to delete all files in the %systemroot%system32spoolprinters directory. Unfortunately, the author (accidentally?) added couple of white spaces so this script became extremely dangerous: it will try to delete all files in the %systemroot% directory, in C: and in the current directory.

This simple error shows how dangerous it can be to just blindly copy&paste stuff off the Internet and run it in your environment. While in this case it was easy to spot the error since the whole script is only 10 lines long, in other cases we should be very careful.

I also noticed another thing very popular today – in order to faster download stuff off the Internet (legal stuff, such as Linux distributions), people tend to use a lot of different utilities that are supposed to provide faster download speeds. Such utilities can be simple Bittorrent clients or dubious utilities that will download unverified things from even more dubious web sites. And this leads me to a question: how many of you verify integrity of files you download? It would be interesting to compare the number of downloaded ISO images of popular Linux distributions with the number of downloaded checksum files – I fear that less than 1% people verify what they download. I hope in time this number will increase!

--
Bojan

 

Bojan

360 Posts
ISC Handler
Even if you get the right file, doing a checksum is useful - this is how I figured out I had some bad RAM - all the downloads were corrupt - even from good sources :)
Anonymous

Posts
I think your post would be clearer if the original backslashes were rendered, instead of yet more spaces
Anonymous

Posts
I think your post would be clearer if the original backslashes were rendered, instead of yet more spaces
Anonymous

Posts
Indeed, however the editor keeps eating backslashes - will get Johannes to fix that.
Bojan

360 Posts Posts
ISC Handler
The problem is that the checksum is usually on the same website that I'm downloading from which makes it useless. If the site is untrusted, it would tamper with the checksum as well. There should a trusted source for providing this checksum
Anonymous

Posts

Sign Up for Free or Log In to start participating in the conversation!