Dangers of copy&paste - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Didier Stevens

Threat Level: green

Dangers of copy&paste
One of our readers, Bill, wrote in to let us know about a pretty dangerous batch script that was posted on a web site that he visited. The script is supposed to help users get rid of print jobs which are still in the spooler, but a couple of obvious errors were done. I am pasting the original, as it was on the web site below (of course, do not run this): @echo off echo Stopping print spooler. echo. net stop spooler echo deleting stuff... where? I'm not sure. Just deleting stuff. echo. FOR %%A IN (%systemroot% system32 spool printers .) DO DEL %%A echo Starting print spooler. echo. net start spooler The script is, as you can see, very simple – all it does is stop the printer spooler (the spooler service) and then it is supposed to delete all files in the %systemroot%system32spoolprinters directory. Unfortunately, the author (accidentally?) added couple of white spaces so this script became extremely dangerous: it will try to delete all files in the %systemroot% directory, in C: and in the current directory. This simple error shows how dangerous it can be to just blindly copy&paste stuff off the Internet and run it in your environment. While in this case it was easy to spot the error since the whole script is only 10 lines long, in other cases we should be very careful. I also noticed another thing very popular today – in order to faster download stuff off the Internet (legal stuff, such as Linux distributions), people tend to use a lot of different utilities that are supposed to provide faster download speeds. Such utilities can be simple Bittorrent clients or dubious utilities that will download unverified things from even more dubious web sites. And this leads me to a question: how many of you verify integrity of files you download? It would be interesting to compare the number of downloaded ISO images of popular Linux distributions with the number of downloaded checksum files – I fear that less than 1% people verify what they download. I hope in time this number will increase! -- Bojan I will be teaching next: Web App Penetration Testing and Ethical Hacking - Pen Test HackFest Summit & Training 2022	Bojan 403 Posts ISC Handler Mar 18th 2010
Thread locked Subscribe	Mar 18th 2010 1 decade ago
Even if you get the right file, doing a checksum is useful - this is how I figured out I had some bad RAM - all the downloads were corrupt - even from good sources :)	Anonymous
Quote	Mar 18th 2010 1 decade ago
I think your post would be clearer if the original backslashes were rendered, instead of yet more spaces	Anonymous
Quote	Mar 18th 2010 1 decade ago
I think your post would be clearer if the original backslashes were rendered, instead of yet more spaces	Anonymous
Quote	Mar 18th 2010 1 decade ago
Indeed, however the editor keeps eating backslashes - will get Johannes to fix that.	Bojan 403 Posts ISC Handler
Quote	Mar 18th 2010 1 decade ago
The problem is that the checksum is usually on the same website that I'm downloading from which makes it useless. If the site is untrusted, it would tamper with the checksum as well. There should a trusted source for providing this checksum	Bojan 1 Posts
Quote	Mar 22nd 2010 1 decade ago