MrZork wrote...
I'm not an expert, but it should be pretty easy to use a wrapper that has a virus infect a system and then pass execution on to the original binary. But, even if there isn't some hacker's tool that automates creating that wrapper, there's still the problem that running an executable is a risky way to check whether it's infected. By the time the user confirms that the binary isn't doing what one would expect it to, it may have caused all sorts of trouble that's a pain to fix.
I certainly agree that the most straightforward course of action for installing the CP would be to download ShaDoOoW's official release from the Vault and use that instead of any potentially suspect or obsolete file.
Let's not forget the fact that he has scanned it, and it comes back clean.
On a side note:
Creating wrappers is easy in .NET Reflection. However, the trade-off is that the application that is wrapping the original needs to be compiled with enough byte buffer space inside it to account for the application it is trying to wrap.
E.g., the memory cannot be dynamically increased to account for larger executables, unless the application gets rebuilt/compiled.
This means: yes, a 250kb wrapper program can wrap a 10kb file, or a 100kb file.
But it would not be able to wrap a 275kb file.
The other method of virus propagation is code injection or code caves,
where some code from the infected application copies itself into the binary of another.
The problem there, however, is making it do this in such a way that it doesn't affect the functionality of the target application, and often it's a very targeted process, where the injecting application needs to know the correct memory address to inject to.