In response to David Harley’s Blog about the much overhyped “Khobe” attack, RJ asked the following question:
If someone were to download software they thought was genuine (freeware of some sort) and it had this code embedded into it, could the system be compromised?
For Example, I download a free PDF convertor that I think is 100% legit…but the software has the mentioned code embedded into it. What would happen when I start to install the "legit" pdf convertor?
The simple answer is yes. What you need to understand about malicious software is that it is not magic. Word processors are a category of programs. Office productivity tools are a broader class of programs that can include a lot of different types of tools. Malware is a broad class of programs designed to be malicious, but still they are only programs, nothing more and nothing less.
A computer program simply executes instructions. The instructions can tell the computer to do things you like or do not like depending upon who wrote the program and what you want done. Any program can contain functionality that you are unaware of and do not want, so it is always important to have a good reason to trust any program you download and run.
Imagine a Word document that has detailed instructions for fixing your car. A bad person could edit the instructions and tell you to do something that would damage your car. Unlike a Word document, you generally don’t see the instructions in a computer program.
I really wouldn’t worry about a free piece of software having the Khobe attack in it; there are far more real threats to be concerned with.
Fundamentally, “PDF converter” is only the name of the alleged functionality of the program; the software itself could be anything. This holds true for all programs. Many of the early Trojan horse programs claimed to be games. Some of them did nothing but harm your computer, while others did include a game along with other, bad functionality.
It is always a good idea to be mindful that the title of a program does not make the software what it is. Only download software from trusted vendors. If your friend wants to share a program with you, find out where they got it and, if you trust the vendor, download it from the vendor’s website.
Virtually anything can be in a program!
Director of Technical Education
Author ESET Research, ESET