Never trust solutions from unknown sources!

Would you run an EXE file downloaded from the net without running it through an antivirus?

I guess the answer is no.

Would you open source code, i.e. a Visual Studio solution downloaded from the net, in Visual Studio?

I guess the answer is yes.

Well, think again, or just download this source code and double-click the .sln file.

What you will witness is a Visual Studio exploit that enables a hacker to execute arbitrary code on your station as soon as you open the .sln file.

Following is the full explanation of the exploit:

If a UserControl is used in a Windows Form (Designer), Visual Studio executes the _Load function inside the User_Control. It is possible to add malware code inside this _Load function. Sample attack scenario: I send a solution file (.sln) to my victim, who has Visual Studio installed. He opens the solution and the sample form. Visual Studio executes the backdoor inside the _Load function and I have access to his computer.

So what is there to do?

1. Never trust a solution from an unknown source.
2. Immediately change the default editor for C# files from 'CSharp Form Editor' to 'CSharp Editor' (i.e. from the form editor to the text editor): right-click a .cs file in the Solution Explorer, choose 'Open With', select 'CSharp Editor', click 'Set as default' and then click the OK button.

Please note: the action proposed here is not ideal, as it does not eliminate the attack but only prevents the automatic execution of the code.
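A quick way to find what to read in the text editor before any form is opened in the designer is to list the Load-time methods of every UserControl in the downloaded tree. The script below is an added example, not part of the original report or of Visual Studio; the function names `audit_tree` and `write_sample`, the regex heuristics and the `Widget` sample files are assumptions constructed for illustration, and an empty result does not prove a solution is safe.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns: assumptions of this example, not an exhaustive detector.
USERCONTROL_RE = re.compile(r"\bclass\s+(\w+)\s*:\s*[^{]*\bUserControl\b")
LOAD_WIRE_RE = re.compile(
    r"\bLoad\s*\+=\s*(?:new\s+[\w.]+\s*\(\s*)?(?:this\.)?(\w+)")
ONLOAD_RE = re.compile(r"\boverride\s+void\s+OnLoad\s*\(")

def audit_tree(root):
    """List Load-time methods of UserControl classes found under root."""
    sources = {p: p.read_text(encoding="utf-8", errors="replace")
               for p in Path(root).rglob("*.cs")}
    # Handlers are usually wired in *.Designer.cs, so collect names tree-wide.
    handlers = set()
    for text in sources.values():
        handlers.update(LOAD_WIRE_RE.findall(text))
    method_res = [re.compile(r"\bvoid\s+%s\s*\(" % re.escape(h))
                  for h in sorted(handlers)]
    findings = []
    for path in sorted(sources):
        match = USERCONTROL_RE.search(sources[path])
        if not match:
            continue  # this file does not define a UserControl
        for lineno, line in enumerate(sources[path].splitlines(), 1):
            if ONLOAD_RE.search(line) or any(r.search(line) for r in method_res):
                findings.append((path.name, lineno, match.group(1), line.strip()))
    return findings

def write_sample(root):
    """Constructed sample: a control whose Load handler is wired in the designer file."""
    root = Path(root)
    (root / "Widget.cs").write_text(
        "public partial class Widget : System.Windows.Forms.UserControl {\n"
        "    private void Widget_Load(object sender, System.EventArgs e) { /* runs at design time */ }\n"
        "}\n", encoding="utf-8")
    (root / "Widget.Designer.cs").write_text(
        "partial class Widget {\n"
        "    private void InitializeComponent() {\n"
        "        this.Load += new System.EventHandler(this.Widget_Load);\n"
        "    }\n"
        "}\n", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for name, lineno, cls, code in audit_tree(tmp):
            print(f"{name}:{lineno}: {cls}: {code}")
```

Handlers attached through lambdas or in a control's constructor are not matched by these patterns, so treat the output as a reading list rather than a verdict.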

Disclaimer:

This exploit isn’t new and was reported sometime around January, but as it was presented today at the Israel Security UG by Nimrod Luria, I’ve decided to write a post on this issue in order to make people aware of its existence.

See the original report by Team Priestmasters Security Research and download their VS exploit sample.

1 Comment

  • The links to "Team Priestmasters Security Research" are broken.
    It seems that Priestmasters.org doesn't exist anymore (Jun 2009).

    I know it is an old post, but maybe you want to update it though.

    Thanks

