On 11/07/12 23:50, Kevin Day wrote:
My final list of possibly naughty things uploaded. I know some of these are pretty harmless (HTML being appended to JPEGs), and most are just encrypted RARs appended to images or encrypted PDF files. I don't know if there's a policy on barring encrypted files but I can't really think of a good reason to have them anywhere in Commons.
[Found exploit] <CVE-2009-0658 (not disinfectable)> /z/public/pub/wikimedia/images/wikisource/ar/7/7d/الحراب_في_صدر_البهاء_والباب.pdf
[Found exploit] <CVE-2009-0658 (not disinfectable)> /z/public/pub/wikimedia/images/wikisource/ar/b/be/السنة_لابن_حنبل.pdf
Already checked.
IPhone31-* and IPod41-* files, plus Ifaithipsw.jpg and Snowbreeze295.jpg, were all uploaded by user IcisTececoy (all but one were already deleted). I have just banned him.
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/c/c4/Test1.rar.jpg->(appended)
Uploaded by Danielito132, who seems to be a puppet of IcisTececoy. Also note, by this user: Test2.part01.rar.jpg, Test2.part02.rar.jpg, Thus_contumely.jpg, IThus_contumely.jpg, all of them with embedded RAR files. Deleted and blocked.
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/0/0d/PAY_SLIP_078322_Aug_2011_Tony.pdf->OBJ001
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/f/fb/PAY_SLIP_078470_Aug_2011.pdf->OBJ001
Already deleted. Both by the same user.
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/0/0e/11013739714-ASKxxxxx0M-G4_ITR-V.pdf->OBJ001
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/0/0a/ICICI_MAY2011.pdf->OBJ001
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/c/c7/HDFC_BANK-_310711_(1).pdf->OBJ001
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/c/cc/Ch1A.pdf->OBJ001
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/f/f5/Ch3Q.pdf->OBJ001
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/d/d3/Dev26.pdf->OBJ001
Short-lived files uploaded by an admin: "This upload is part of a speed and endurance test for an application and bot platform I've been developing."
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/c/cb/احراز_هويت_مشتریان_در_خدمات_بانک_ملت.pdf->OBJ001
Deleted.
[Found exploit] <IFrame.gen (exact, not disinfectable)> /z/public/pub/wikimedia/images/wikipedia/commons/c/c2/Votantes-1924.jpg->(appended)
Already deleted. Looks like the hosting iframe.
[Found exploit] <IFrame.gen (exact, not disinfectable)> /z/public/pub/wikimedia/images/wikipedia/commons/c/ce/Silvana_Suárez_6.jpg->(appended)
[Found exploit] <IFrame.gen (exact, not disinfectable)> /z/public/pub/wikimedia/images/wikipedia/commons/7/7c/Silvana_Suárez_7.jpg->(appended)
More instances of the web-hosting iframe. The AV is being a bit paranoid here.
[Found exploit] <HTML/IFrame (exact, not disinfectable)> /z/public/pub/wikimedia/images/wikipedia/commons/f/f8/Old_Jinan_Station_04.jpg->(appended)
A slightly different iframe here.
/z/public/pub/wikimedia/images/wikipedia/commons/0/0a/Joseon-Kang_Huian-Gosagwansudo.jpg: HTML.Spy.IMG-1 FOUND
/z/public/pub/wikimedia/images/wikipedia/commons/c/c0/The_Qing_Dynasty_Cixi_Imperial_Dowager_Empress_of_China_On_Throne_5.JPG: HTML.Spy.IMG-1 FOUND
More web-hosting iframes.
[Found exploit] <CVE-2004-0200 (not disinfectable)> /z/public/pub/wikimedia/images/wikipedia/commons/9/9d/Exploit-MS04-028.proof.jpg
MS04-028 proof of code. Not sure why it was uploaded...
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/9/9b/VADOFONE_DEC.pdf->OBJ001
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/d/d7/Citibank_Account_Statement-20110501_TO_20110705.pdf->OBJ001
By the same user. Deleted.
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/4/49/ICICI_JUN2011.pdf->OBJ001
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/f/fd/ICICI_JUL2011.pdf->OBJ001
By the same user. Deleted.
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/9/9a/Farsinameh-Final_Draft.pdf->OBJ002
[Unscannable] <File is encrypted> /z/public/pub/wikimedia/images/wikipedia/commons/f/f9/Farsinameh-abridged_English_version.pdf->OBJ002
These don't seem to be encrypted. They are displayed fine.
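
An added example, not part of the original message or of any Wikimedia tooling: one way an upload check could flag the "->(appended)" cases in this thread, by walking the JPEG marker structure to the real end of the image and looking at whatever follows. The signature list, function names and sample bytes are assumptions constructed for illustration.

```python
# Signatures to look for in data that follows the image (illustrative, not exhaustive).
TRAILER_SIGNATURES = {
    b"Rar!\x1a\x07": "RAR archive",
    b"PK\x03\x04": "ZIP archive",
    b"<iframe": "HTML iframe",
    b"<html": "HTML document",
}

def jpeg_end_offset(data: bytes) -> int:
    """Walk the JPEG marker structure and return the offset just past EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                      # EOI: the image ends here
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                            # stand-alone markers carry no length
        length = int.from_bytes(data[pos:pos + 2], "big")
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length                           # skips EXIF thumbnails inside APPn too
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break                       # a real marker, not stuffing or RSTn
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def inspect_trailer(data: bytes) -> dict:
    """Report how many bytes follow the image and which known signatures they contain."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    lowered = trailer.lower()                   # HTML tags are case-insensitive
    hits = sorted(label for sig, label in TRAILER_SIGNATURES.items()
                  if sig in trailer or sig in lowered)
    return {"image_bytes": end, "trailer_bytes": len(trailer), "hits": hits}

# Constructed sample: a structural JPEG skeleton (not a decodable picture).
SKELETON = (b"\xff\xd8" b"\xff\xe0\x00\x04AB" b"\xff\xda\x00\x02"
            b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9")
```

Walking the segments rather than searching for the last `FF D9` matters because appended data can itself contain those bytes; any non-zero `trailer_bytes` is worth review even when no signature matches, since an encrypted archive has no recognisable content past its header.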