Is there any danger to downloading a malware binary, but not executing it?

I recently downloaded an ELF file which was discovered from an exploit attempt (wget to download this binary failed due to outgoing traffic being blocked if it isn’t whitelisted). I downloaded it into a VM in order to run some basic analysis on it and uploaded it to virustotal.

My question is, absent some sort of terrible vulnerability in how curl downloads files or how analysis tools handle the files, is there any danger to a binary simply being on your system, without it ever being executed?

Will this Setup Protect My Data Files from Malware (e.g. Ransomware)?

I set up an external drive for data backup (an SD card inside my laptop card slot). In addition, I connect with a cloud drive for offsite backup (an app that I run only when syncing files).

I always sign in and use my laptop as a ‘standard’ user. My external drive is set for UAC ‘read’ privilege only.

I then set my data sync app to run as admin only – meaning I need to type in the admin password before data can be synced to my external drive and to the cloud.

Of course I will remain vigilant about keeping OS and apps updated and avoid clicking email links or downloading unsolicited payloads, etc. — but in case I miss something and ransomware comes through, will my Win 10 system stop that ransomware from encrypting my external drive?

How to formally prove the dependencies of a computer malware?

I’m in the process of writing a thesis. A small part of it is to prove that certain malware have certain dependencies which must first be satisfied before they are successful in infecting the host. For instance, a virus must first get on the host and then start executing before infection.

  • Dependency 1: getting on the host
  • Dependency 2: executing

We know these dependencies to be true from experience and common sense; however, how would we go about formally proving these in computer science? I am not asking for all the proofs (I realize that that’s my job!), but just how to approach them, since right now I see no way to formally prove it.

A technician injected malware into my computer without my knowledge

So this fixer that I asked to fix my busted front audio ports injected my PC with KMS-R@in in order to get rid of the “Activate Windows” watermark without my consent/knowledge, and it gave me Floxif.E and Floxif.H. He also updated the drivers to fix the back ports, which wasn’t even what I asked him for. Is there any legal action I can take to make him take responsibility?

By the way, his store’s affiliated with/backed by ASUS.

Should the anti-virus and anti-malware layer be the first layer in a web application stack, or can it sit behind services?

Can you have the anti-virus and anti-malware layer sitting deep in the microservice layer and have the malicious file flow through all the services? The argument being that the file is in memory and not getting processed until it reaches the service on which we put the anti-virus and anti-malware layer.

Shouldn’t this be stopped at the routing layer of the application?

How to test a peripheral for malware and more?

My concerns here are of devices like the Rubber Ducky, Bash Bunny, malware-infected USBs and other software-related risks. This does NOT cover hardware risks like the USB Killer.

I currently don’t have a separate computer I can plug things into and let them run wild. I only have an Ubuntu machine that can run VMs, such as in VirtualBox. I may come across a stray USB and get curious, and I’d like to check what’s on that USB. Let’s assume plugging it in won’t physically damage my PC like the USB Killer would.

How can I safely plug in the peripheral (most likely a USB, but it can be anything like an audio jack or Ethernet port) to test it? How can I extract the contents of the device without damaging my machine? (I’d prefer to do all this without having to take the device apart.)

Can I surf the internet with a virtual machine? I’m not trying to test malware, but may run into some

For this project I want to access software that may contain malware using a VM, but I won’t be trying to test malware. I understand that malware can breach the VM, but are there any precautions for using the internet without having the malware come back into my host machine and host network?