[ale] OT: Help me figure out what is happening?

Adrin haswes at mindspring.com
Fri Feb 22 07:17:34 EST 2002


I would email them back and ask about the security concerns
at least.

Personally it really makes me wonder what kind of company
would do something like that.  I see this a lot from IT
companies as well as schools that are supposed to train IT
professionals, even colleges.  Kind of makes you wonder what
kind of training you get from someone that can't even
practice good IT behavior/skills.

Adrin


-----Original Message-----
From: Geoffrey [mailto:esoteric at 3times25.net]
To: ale at ale.org
Sent: Friday, February 22, 2002 12:11 AM
To: Jeff Hubbs
Cc: ale at ale.org
Subject: Re: [ale] OT: Help me figure out what is happening?

I suspect the *.jar file is a java archive.  I've seen *.xpi files when
downloading a java plugin for mozilla.  That certainly doesn't provide a
solution, but might give you a bit more insight.

All I've got to say is, what kind of completely stupid company would
send a windows executable?  That really takes the cake.  I don't envy
your position as the job seeker.

You don't have a spare windows box laying around you could risk?

I don't know what kind of timeframe you're operating in, but I've got an
old install of NT on vmware I was about to trash.  I'd be glad to open
that puppy up on that sandbox if you'd like.  Problem is, what do you do
next???

Jeff Hubbs wrote:
> I applied for a job yesterday and I got an e-mail back with what appears
> to be a Windows executable attached that I am expected to run in order
> to fill out and submit some kind of online form.
>
> I have enough computer security 'fu to know that this is a very, very,
> bad practice and that every applicant is placed at risk by this
> practice.  So, I tried to fire it up under Wine to see what would
> happen.  Wine churns for a while and I eventually get an error box
> titled "OmniForm Mailable Filler" that says "Failed to launch
> application."  I did just a bit of Google research on this app.  I want
> to e-mail these people back and tell them that due to security concerns
> I don't want to run this application; for those of us to whom the
> reasons aren't plainly obvious, it's mostly because I have no way to
> know if this binary has gotten virus-infected along the way and that
> even if I had a Windows machine with anti-virus software, it isn't going
> to be any more effective at detecting such a virus than any AV software
> the sender used on it (presuming they even bothered).
> Anyway, my question to you is this:  I pulled this command line out of
> /proc - can you tell me what OmniForm Mailable Filler is attempting to
> do here?
>
> /usr/bin/winereal--E:\EXEbaeb.tmp"E:\OFMbaec.tmp""F:\tmp\wine_c\JobAPPComplete.exe"\
>
> http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
> http://www.eomniform.com/OF5/nsplugins/OFMailNP.jar \
> http://www.eomniform.com/OF5/nsplugins/OFMailNP.xpi
>
> Note:   "F:\tmp\wine_c\JobAPPComplete.exe" is the Windows filespec as
> seen by Wine to refer to the app in question.
>
> Without drilling real deeply here, it looks to me that the app tries to
> call up other Web-downloaded code (.cab, .jar), which would seem to
> further amplify the security risk (add to the virus risk the idea that I
> have no idea what all this stuff wants to do in my system).  Looking
> through my Google findings suggests that OmniForm Mailable Filler makes
> use of browser plugins.
> If I had to guess, I'd suppose that the downloaded code constitutes an
> SMTP UA, mailing my inputted data to some mail server somewhere (begs
> the question, how am I being authenticated?).
> - Jeff
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.  Problems
> should be sent to listmaster at ale dot org.


--
Until later: Geoffrey           esoteric at 3times25.net

I didn't have to buy my radio from a specific company to listen
to FM, why doesn't that apply to the Internet (anymore...)?
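
Added example (not part of the original thread, and not OmniForm's code): a small Python triage of a command line taken from /proc/<pid>/cmdline that lists the remote code it references, which is what Jeff's message does by eye. The function names are hypothetical, and the argv split in the sample is an assumption because the archived command line has lost its spacing.

```python
import posixpath
from urllib.parse import urlsplit

# Extensions seen in the thread's command line and what they usually hold.
CODE_TYPES = {
    ".cab": "Windows cabinet archive (often used to ship ActiveX controls)",
    ".jar": "Java archive",
    ".xpi": "Mozilla cross-platform installer package",
}

def split_cmdline(raw):
    """argv entries in /proc/<pid>/cmdline are NUL-separated."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def remote_code_refs(argv):
    """Return one finding per URL argument that points at installable code."""
    findings = []
    for arg in argv:
        # A Windows command line can arrive as one argv entry: split again.
        for token in arg.split():
            url = token.strip('"')
            try:
                parts = urlsplit(url)
            except ValueError:
                continue  # not parseable as a URL
            if parts.scheme not in ("http", "https", "ftp") or not parts.netloc:
                continue  # local paths such as E:\... are skipped here
            ext = posixpath.splitext(parts.path)[1].lower()
            if ext in CODE_TYPES:
                findings.append({
                    "url": url, "host": parts.hostname, "kind": CODE_TYPES[ext],
                    # Without TLS nothing protects the download in transit.
                    "cleartext": parts.scheme != "https",
                })
    return findings

# Constructed sample: the thread's arguments with an ASSUMED argv split.
SAMPLE = b"\0".join([
    b"/usr/bin/winereal", b"--", rb"E:\EXEbaeb.tmp", rb"E:\OFMbaec.tmp",
    rb"F:\tmp\wine_c\JobAPPComplete.exe",
    b"http://www.eomniform.com/OF5/nsplugins/OFMailX.cab",
    b"http://www.eomniform.com/OF5/nsplugins/OFMailNP.jar",
    b"http://www.eomniform.com/OF5/nsplugins/OFMailNP.xpi",
]) + b"\0"

if __name__ == "__main__":
    for finding in remote_code_refs(split_cmdline(SAMPLE)):
        print(finding)
```

On a live Linux system the input would be the bytes read from `/proc/<pid>/cmdline` of the process being inspected.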

