zlacker
[parent]
[thread]
0 comments
1. fragme+(OP)
[view]
[source]
2018-07-29 15:14:37
If binaries are being downloaded, then the dynamically generated malicious script could pretend it's a checksum when really it's a unique tracking URL.
curl www.example.com/downloads/fooprogram/builds/D41D8CD98F00B204E9800998ECF8427E.tgz
If the time between the script being downloaded and that file being requested is large, serve the clean copy, else download the malicious binary.
[go to top]