Security Basics mailing list archives

RE: files containing web links


From: "Laundrup, Jens" <Jens.Laundrup () METROKC GOV>
Date: Wed, 22 Nov 2006 14:48:15 -0800

You could set up your machine using Wireshark to record what comes from
the net and use the Sysinternals program called Filemon.  Then access
the files that cause your problems.  The moment the problem has
occurred once, you can stop the recording (usually a good idea or you
will get a giant log file) and shut down the offending programs.  This
will give you a good idea as to what is going on with your machine.  If
you have dual monitors, consider opening up a Process Explorer window
(also from Sysinternals) and keep an eye on the processes that are
ongoing.  If you double click the processes in Process Explorer, it
will give you the option of suspending or killing processes and it will
give you a great deal of detail as to what the process is doing and
touching.

I think you have a bug.  Consider purchasing a copy of VMware 5.0 and
installing it on your computer for just such occasions.  Then when an OS
is corrupted by files you are uploading/downloading/opening, you delete
it and build a new VM instance with that OS.  It beats having to rebuild
your production machine on a regular basis.  

Cheers,   

Jens 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Jeffrey F. Bloss
Sent: Wednesday, November 22, 2006 10:14 AM
To: security-basics () securityfocus com
Subject: Re: files containing web links

mr.nasty () ix netcom com wrote:

> Let me be a bit more specific here. I'm examining a hard drive with a
> lot of porn mpg's. I'm trying to avoid any problems so I view the
> directories using an explorer type viewer which allows me to see a
> thumbnail image of the file. The problem is that when the viewer hits
> that file to open a thumbnail the file opens web pages like crazy.

If images are opening web pages then I'd have to say there's something
terribly wrong. Either you're looking at some sort of link to those
images which is being intercepted, and you're falling victim to some
sort of web trickery, or your image viewer and/or machine is badly
broken and/or horribly compromised.

> I've tried to look at the meta data of the file and there is nothing
> there that I can see that looks like a web page. I've tried to open
> the file with whatever associated application and it too opens a
> whole bunch of web pages.
>
> I'm trying to figure out when you encounter a file like this with a
> *.mpg or *.avi or *.mov type extension how can you turn off or remove
> the 'open a web page' thingy?

There shouldn't be anything to "turn off". It shouldn't happen unless
you're using something specifically designed to make it happen like
some porn peddler's nasty piece of buggered up dross. Not saying it
doesn't exist, but I'm not aware of any mainstream viewer which allows
graphics files and porn trailers to open cascades of web pages. It's
just not "natural". ;)

-- 
Hand crafted on 22 November, 2006 at 13:03:35 EST using
only the finest domestic and imported ASCII.

I'd like to meet the guy who invented beer, and
see what he's working on now.
