trojan horse with a .cab ext?

ironman00818 · 04-29-04, 10:25 PM

Anyone run into one of these before? My virus program caught it tonight while I was surfing for freeware for my Ax. Thought .cab extentions only worked on PPCs. Makes you wonder.

Howard2k · 04-29-04, 10:26 PM

Could be a false positive?

04-29-04, 11:08 PM

Nope, cab has been aroud since before PPCs. Stick a Windows 95 or 98 disc in your CD drive and search for *.cab. You'll see tons of them. A cab file is not much more then a compressed file. However it also includes instructions which the OS uses to know what to put where and what registry entries to add.

ironman00818 · 04-30-04, 11:57 PM

Afraid I was using Apple computers in the Windows 95-98 days. Thanks for the info. Thought I had run into one of the first trojan horse targeted for PPCs.

HighTymes · 05-01-04, 12:32 AM

What program is it so we know not to download it.

Thankz

ironman00818 · 05-01-04, 12:43 AM

I was surfing links for a animation program. Had about 4 or 5 windows open (funny thing is it installed as I was backing up through pages using history) I could not tell exactly which site it was that tried to infect my computer. Just that they were all PPC sites.

05-01-04, 03:55 PM

It is really easy to make a malicious CAB file aimed at PPCs, though it seems your case was not that at all. So far, there is no way for PC- or PPC-based AV program to detect such malware, as it has never yet surfaced in the wild and so developers haven't prepared for it. I know AirScanner is working on the problem, among lots of other potential threats to PPC users, because I wrote a book chapter for them on one such instance... a little something I cooked up on my iPAQ, which proved easily distributable under any number of names, and 100% fatal to main memory on any ARM-based PPC. NDA prohibits my going into this further, and frankly I'd rather not see it ever come to pass that we face risks such as this when downloading CAB files, ZIP compressed or not. Seems so bizarre that people attack others at random, just for kicks. Anyway, I'm just saying one should always tap No to the 'open file after download?' question in Pocket IE, when it's a CAB file, and further we should all be making very frequent backups one way or another.

ironman00818 · 05-01-04, 04:27 PM

That is one of the strange things about this instance. I had not downloaded anything. As soon as the page loaded in the browser the virus warning came up. The thing was still in my internet temp file. It loaded in with the web page. Does not give me a warm feeling that it was on a PPC site. As Gerard stated I hope that anti-virus programming start to address this kind of thing and not wait around for the s%#* to hit the fan.

gsteinb88 · 05-01-04, 05:17 PM

Well, pc-cillin makes a virus scanner for the ppc and there are a few others out there, i think you can get one of them in the downloads section of this site. Might want to check those out if you are afraid of things like this happening to your ppc...
-g

ironman00818 · 05-01-04, 06:58 PM

Actually I run McAfee virus scan for PDA. The problem is since there are no recorded viruses for the PPC "on the loose" how good is it? It probably checks for basic stuff but at this point in time that is most likely it