Question
My apologies this may sound like a paranoid question...
Recently my friend's website was infected by malware.
With her permission, I FTP into her account to have a look and found some malicious PHP files with Base64 (I think?) strings as well as TXT files that seem like Bash/Perl scripts calling "wget" on some server.
Question:
1. I won't get infected by viewing/editing those PHP and TXT files right? (I use FTP to download them and Aptana Studio 3 to view them).
2. I tried decoding the supposedly Base64 string using an online decoder. The operation failed (i.e. nothing was decoded). Nothing was also downloaded. Doing this won't cause my PC to be infected right?
Thanks guys.
Explanation / Answer
As the data is embedded in a PHP script file, it is perfectly safe to download the file and edit in a script editor.
If you do manage to decode the obscured data, you do, of course, need to be careful how you handle that.
There is no danger to you or anyone else as long as you are not trying to interpret the data automatically. Even trying to interpret the obscured data by unencoding it will not present a particular danger, though the resulting file might itself be dangerous depending on the file type resulting. PDF files can be dangerous if loaded into Adobe Reader (use Ghostscript or another simple reader if not sure, preferably in a throw-away VM); image files can be dangerous due to possible bugs in the OS handling of images. Script files (PHP, Perl, etc.) are never dangerous unless executed.
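The static handling described in the answer, as an added example that is not part of the original post: it reads a PHP file as plain text, decodes any Base64-looking string literals in memory, and labels each result by its leading bytes so you know the file type before opening it with anything. The function names, the 24-character threshold and the sample input are assumptions made for this illustration.

```python
import base64
import binascii
import re

# Quoted runs of Base64-alphabet characters, 24+ long (threshold is an assumption).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/=\s]{24,})["']""")

# Leading bytes of the file types the answer mentions.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF8", "image/gif"),
    (b"<?php", "script/php"),
    (b"#!", "script/shebang"),
]

def classify(data: bytes) -> str:
    """Label decoded bytes by magic number; never parses or renders them."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "binary/unknown"

def decode_literals(php_source: str):
    """Return (label, decoded_bytes) for each Base64-looking string literal.
    The source is treated as text only: nothing is executed or written to disk."""
    results = []
    for match in B64_LITERAL.finditer(php_source):
        blob = re.sub(r"\s+", "", match.group(1)).rstrip("=")
        blob += "=" * (-len(blob) % 4)  # repair stripped padding
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # not plain Base64; may be another encoding layer
        results.append((classify(raw), raw))
    return results

# Constructed sample: a harmless shell script wrapped the way the question describes.
_ENCODED = base64.b64encode(b"#!/bin/sh\necho constructed-sample\n").decode()
SAMPLE = '<?php $data = "' + _ENCODED + '"; ?>'

if __name__ == "__main__":
    for label, raw in decode_literals(SAMPLE):
        print(label, len(raw), "bytes")
```

A literal that fails to decode here, like the one in the question, is skipped rather than guessed at; it usually means the string is not plain Base64 or has a further layer of encoding.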