


Question

The file is binary, named '96748', and it's 12.8kb in size. Ubuntu thinks it's an swf. Thank god I was in a Linux VM and not Windows. It doesn't seem to have done anything, and it's just sitting there in my downloads folder.

This is the URL (don't visit in Windows) h**p://www.buzzfeed.com/elliewoodward/orlando-bloom-tried-to-punch-justin-bieber-after-a-scuffle-i

Does anybody know what this could be? Is it malicious?

How can I investigate further into it to see what it may be? I already cat'd it to look for strings and there was nothing.

Explanation / Answer

The file is probably benign but as per your question, here's the real answer:

In terms of investigating, open the file up in a forensic imager or just simple HxD to see the real guts. You can also just open the .swf in an editor. In an imager, you can also take its hash and search for similar hashes (VirusTotal gives you the option of entering hashes)...

The real important question here is where the file came from. Just because you visited buzzfeed doesn't mean it downloaded from there. You can look at the webpage's source code to see if anyone has tampered with it or your network connection. This is a common way Cross Site Scripting attacks are performed (basically a bit of JavaScript is embedded/linked to a real site that does something malicious).

Good luck and have fun!
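
The triage steps suggested in the answer, as an added example that is not part of the original answer: it hashes the file for a VirusTotal lookup, reads the SWF header, and inflates a zlib-compressed (CWS) body before extracting strings, since a compressed SWF shows no readable strings to `cat`. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import re
import struct
import zlib

SWF_SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib-compressed", b"ZWS": "LZMA-compressed"}

def triage(data: bytes, min_len: int = 6) -> dict:
    """Hash a downloaded blob, parse its SWF header, and pull strings from the body."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data)}
    kind = SWF_SIGNATURES.get(data[:3])
    if kind is None or len(data) < 8:
        report["format"] = "not SWF (magic bytes %r)" % data[:4]
        body = data
    else:
        # Bytes 3..7: one version byte, then the little-endian uncompressed length.
        version, declared = struct.unpack_from("<BI", data, 3)
        report.update(format="SWF, " + kind, version=version, declared_length=declared)
        body = data[8:]  # ZWS (LZMA) bodies are left compressed in this example
        if data[:3] == b"CWS":
            try:
                body = zlib.decompress(body)
                # A mismatch points at truncated or appended data.
                report["length_matches"] = (len(body) + 8 == declared)
            except zlib.error as exc:
                report["decompress_error"] = str(exc)
    # Runs of printable ASCII, the same idea as the `strings` utility.
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    report["strings"] = [m.decode("ascii") for m in re.findall(pattern, body)]
    return report

def make_sample() -> bytes:
    """Constructed sample: a CWS container whose body holds a URL (not a real SWF)."""
    body = b"\x00" * 16 + b"http://example.invalid/payload" + b"\x00" * 16
    return b"CWS" + struct.pack("<BI", 10, len(body) + 8) + zlib.compress(body)

if __name__ == "__main__":
    import sys
    # Pass a path (e.g. the downloaded file) or run with no argument for the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample()
    for key, value in triage(blob).items():
        print(key, "=", value)
```

The SHA-256 it prints can be pasted into the VirusTotal search box, which avoids uploading the file itself.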
