Can a True Type Font contain any malware?

Is it possible for a True Type Font file to have any kind of
virus/spyware/malware?


Re: Can a True Type Font contain any malware?

says...

It's possible for anything that appears to be a TTF to be something
else. Many malware hide as font.someextension.........exe.

It's not the extension that makes the file type, it's the contents.

Now, if you mean a real TTF, then, no, it can't contain malware strictly
speaking.

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Can a True Type Font contain any malware?

Leythos wrote:


So if I install the TTF file in Windows and can see that it is an actual
font, then that means it cannot contain any malware?

Re: Can a True Type Font contain any malware?

says...

No, there is always a chance that it can be a font and also contain
malware, but, why not scan it, actually scan all files, with an AV
scanner.

Oh, and you don't "Install" fonts, you just copy them to the fonts
folder - what are you really doing?

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Can a True Type Font contain any malware?

void@nowhere.lan says...
....
 

Actually, you DO "install" fonts.
In the font folder, File, Install New Fonts, whether you get there via
Control Panel or Win Explorer.
Been this way since Win 95 (I disremember re Win3).

While just copying them in there usually works, it's preferred to
"install" them (registry notations and whatnot). Lots of proggie font
problems that occur can be corrected by deleting or moving the fonts out
the font folder and then "installing" them again rather than just
copying them in.

MM

Re: Can a True Type Font contain any malware?

moimoi@example.com says...

The question still stands, I wonder what the OP was really trying to do
that they were concerned about a font containing malware.

--

spam999free@rrohio.com
remove 999 in order to email me

Re: Can a True Type Font contain any malware?

void@nowhere.lan says...
.....

I assume he was just concerned re installing some freebie fonts he found
somewhere...

MM

Re: Can a True Type Font contain any malware?

MoiMoi wrote:


Yeah, most sites that offer free fonts aren't really well known, so I
wanted to make sure it's clean.

Re: Can a True Type Font contain any malware?


Well, a font does contain hinting, in the form of a program for the True
Type hinting virtual machine.  Basically, a True Type font contains a
mathematical description of the outlines of the glyphs, and then code,
in the form of assembly language for that virtual machine, to tweak the
glyphs for the particular sizes needed.

I haven't looked, in detail, at what is allowed in the language for that
virtual machine, but it is at least conceivable that a buggy
implementation of the virtual machine could allow the hints to cause a
buffer overflow and arbitrary code execution, and so could actually be
used as a vector for malware.

From overviews of what hinting code can do, though, it looks like it
would be pretty easy to design the virtual machine to be completely
safe.  On the other hand, I could easily see a developer worrying about
speed, and taking some shortcuts that would leave some holes (although I
think with glyph caching, there would be no noticeable impact on actual
system performance if the hinting virtual machine was slow).

I've never heard of any kind of malware using this mechanism, and I
don't recall seeing any security updates on any OS to address holes in
True Type font handling, so my guess is there isn't much to worry about
here.  (On the other hand, this would be a pretty damned obscure way to
attack--it is possible no malware authors have investigated it).

--
--Tim Smith

Re: Can a True Type Font contain any malware?


| Is it possible for a True Type Font file to have any kind of
| virus/spyware/malware?

If you can view a Font in the FontViewer then it has no payload.

A DLL file could be renamed to TTF and be loaded via the Registry and HIDE in
the Font directory.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
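An added example, not part of any post in this thread: a content check for the two cases raised above, a file whose name says font but whose bytes say otherwise, and a DLL renamed to .ttf. The function names and the sample bytes are constructed for illustration; the check covers only the sfnt container layout and says nothing about the hinting programs inside it.

```python
import struct

# First four bytes of the sfnt container used by TrueType/OpenType files.
SFNT_MAGICS = {
    b"\x00\x01\x00\x00": "TrueType outlines",
    b"true": "TrueType (Apple)",
    b"OTTO": "OpenType with CFF outlines",
}


def classify_font_bytes(data: bytes) -> str:
    """Classify a file claimed to be a font by its content, not its name."""
    if data[:2] == b"MZ":  # DOS/PE header: EXE or DLL, whatever the extension
        return "executable (DOS/PE header), not a font"
    if data[:4] == b"ttcf":
        return "font collection (not parsed further here)"
    kind = SFNT_MAGICS.get(data[:4])
    if kind is None:
        return "unknown content, not an sfnt font"
    if len(data) < 12:
        return "truncated sfnt header"
    # Offset table: version(4) numTables(2) searchRange(2) entrySelector(2) rangeShift(2)
    num_tables = struct.unpack(">H", data[4:6])[0]
    directory_end = 12 + 16 * num_tables
    if num_tables == 0 or directory_end > len(data):
        return "malformed sfnt: table directory runs past end of file"
    # Each 16-byte record: tag, checksum, offset, length. Every table must fit in the file.
    for i in range(num_tables):
        start = 12 + 16 * i
        tag, _checksum, offset, length = struct.unpack(">4sIII", data[start:start + 16])
        if offset + length > len(data):
            return f"malformed sfnt: table {tag!r} lies outside the file"
    return f"well-formed sfnt container ({kind})"


def sample_sfnt() -> bytes:
    """Constructed sample: a minimal sfnt with one 4-byte 'head' table."""
    body = b"\x00" * 4
    header = struct.pack(">4sHHHH", b"\x00\x01\x00\x00", 1, 16, 0, 0)
    record = struct.pack(">4sIII", b"head", 0, 12 + 16, len(body))
    return header + record + body


if __name__ == "__main__":
    print(classify_font_bytes(sample_sfnt()))
    print(classify_font_bytes(b"MZ\x90\x00" + b"\x00" * 60))  # constructed PE-like stub
    print(classify_font_bytes(sample_sfnt()[:-2]))            # table cut short
```
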


