Network Security: Detailed info on [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

[Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48

from [Stejerean, Cosmin] Network Security

[Permanent Link]

Subject:	[Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48
Date:	Thu, 27 Oct 2005 14:00:04 -0500

If your altered virus sample

?> still executes correctly, you have simply created a new virus
?> variant.


Not exactly, please look at this virustotal.com log
http://www.securityelf.org/updmagic.html

The altered (120 bytes prepended) TXT_* variant is STILL detected by your
product (CA), but when I change the first byte from "Z" to "M" - your
product
fails (MZ_* variant).


The virus scanner determined the type of the file by the header and it
failed. That's bad news. I am wondering however, when I execute that file,
how does the OS process the file? I guess my question is, if I have a
modified version of a virus, with whatever header, if I try to execute that
file, will the virus code get executed?


Cosmin Stejerean

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48, Stejerean, Cosmin <= RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48, auto445789 RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48, Martijn Lievaart RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48, Nick FitzGerald

Previous by Date:	Re: [Full-disclosure] Question about ethics when discovering a securityfault in system, Morning Wood
Next by Date:	[Full-disclosure] RFID docs & tools ?, Mark Sec
Previous by Thread:	[Full-disclosure] Hasbani-WindWeb/2.0 Remote DoS [ with exploit ], Expanders
Next by Thread:	RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48, auto445789
Indexes:	[Date] [Thread] [Top] [All Lists]