Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

FW: [Full-Disclosure] JPEG AV Detection

from [Todd Towles] Network Security [Permanent Link]
Subject: FW: [Full-Disclosure] JPEG AV Detection
Date: Tue, 28 Sep 2004 14:26:26 -0500 
 What exactly are the AV products detecting in the JPEG exploits? Barry
and I was talking about how impressed we were that the AV companies
jumped on this one and detection was pretty fast. But is the detection
so generic that a variant will bypass? Is the detection based on a
original exploit that could be modified in a way that makes it
"undetectable" right now?

-Todd

-----Original Message-----
From: Barry Fitzgerald [mailto:bkfsec@sdf.lonestar.org] 
Sent: Tuesday, September 28, 2004 1:55 PM
To: Todd Towles
Subject: Re: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1933 -
20 msgs

Todd Towles wrote:


Yep, really surprised. Just hopefully the invalid data that is being 
detected can't be changed or worked in a work that would bypass normal 
detection. Once the file is renamed to a BMP or a GIF, you confuse the 
whole thing even more.

Are the AV products hitting on a part of the original exploit? Can this



part be changed in a future version to make it "undetectable". I am 
very impressed at the work of the AV companines on this one, but I also



know that is this detection is too simple, that it will be bypassed.

 


I'm not sure what they're specifically detecting.  This may be a good
question for the list.

             -Barry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] Michael Stift/IT/apss/at ist außer Haus., Michael Stift
Next by Date:  RE: FW: [Full-Disclosure] JPEG AV Detection, Aaron Horst
Previous by Thread:  [Full-Disclosure] Michael Stift/IT/apss/at ist außer Haus., Michael Stift
Next by Thread:  Re: FW: [Full-Disclosure] JPEG AV Detection, Gerry Eisenhaur
Indexes:  [Date] [Thread] [Top] [All Lists]