documents343[dot]hq-office[dot]us, which various online sources classify as a malware site.
I'm on a recently-updated macOS and I'm just hoping the site targets like IE-on-Windows XP or something, but is there any way to know? Is there a resource that will tell me “this site exploits CVE-??? and if you are on Safari 15.3 or later you won't be affected”?
=> More informations about this toot | More toots from jni@fosstodon.org
@jni
hybrid-analysis.com and urlscan.io are good places to check a URL. I dropped your URL into HA, here is the overview report and here is the specific analysis (which is linked from the first one under sandbox).
You can ask HA to test it using a MacOS sandbox, but I'm not positive how to do that, so I did Win10. It looks to me like it pulls down files and executes them. So, even if crafted for Mac, if you didn't see/approve an execution, I doubt you have much to worry about.
#infosec #malware
=> More informations about this toot | More toots from ktneely@infosec.exchange
@ktneely Thanks so much! I’d found urlscan which is where I got my “various online sources” malware classification, but it's a big gap from “this site has malware” to what you found with the HA sandbox. 🙏🙏
Is it really that easy to run an executable from a web browser on Windows???
My worry was whether there are exploits that allow you to bypass macOS's executable permissions. It sounds like that's unlikely, though. (Indeed I was never asked to download or run a thing. 😅)
Thanks again!!!
=> More informations about this toot | More toots from jni@fosstodon.org