Network Security Vuln-Dev

Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability

Subject: Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through
Date: Thu, 27 Oct 2005 07:21:46 +0100
In message <019d01c5d96c$87e6ea80$0501a8c0@home>, Andrey Bayora <andrey@securityelf.org> writes
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through
forged magic byte.

Interesting

Have you considered the possibility that some vendors at least may include with each virus signature a set of file formats for which the signature is valid, or just a flag to signify "all formats"?

If so, then the vendors will consider themselves not vulnerable; they can simply update their virus definitions when and if variants with different headers appear.

Even with 1:1 file format signatures, a vendor could presumably include multiple virus definitions for one virus, one per file format, as required.

...

For more details, screenshots and examples please read my article "The Magic
of magic byte" at www.securityelf.org
...
--
Dave English                      Senior Software & Systems Engineer
                             Internet Platform Development, Thus plc
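
An added example, not part of the original message and not any vendor's engine: a toy Python model of the three signature designs raised in the reply above (a per-signature format set, an "all formats" flag, and one definition per format), showing how each behaves when the detected file type changes. The signature names, the byte pattern and the `ALL_FORMATS` flag are constructed assumptions.

```python
# Added illustration: magic values are the real ones for these formats;
# the signature names and the byte pattern are constructed.
from dataclasses import dataclass

ALL_FORMATS = frozenset({"*"})  # hypothetical "valid for all formats" flag
MAGIC = [(b"MZ", "exe"), (b"%PDF", "pdf"), (b"GIF8", "gif")]


def detect_format(data: bytes) -> str:
    """Classify a file by its leading magic bytes only."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "text"


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes
    formats: frozenset = ALL_FORMATS  # formats the signature is applied to

    def applies_to(self, fmt: str) -> bool:
        return "*" in self.formats or fmt in self.formats


def scan(data: bytes, signatures) -> list:
    """Names of signatures that apply to the detected format and match."""
    fmt = detect_format(data)
    return [s.name for s in signatures if s.applies_to(fmt) and s.pattern in data]


def format_gated(signatures) -> list:
    """Audit helper: signatures whose verdict depends on the detected format."""
    return [s.name for s in signatures if "*" not in s.formats]


PATTERN = b"CONSTRUCTED-TEST-PATTERN-0001"
GATED = [Signature("Test.A", PATTERN, frozenset({"text"}))]
UNGATED = [Signature("Test.A", PATTERN)]
PER_FORMAT = GATED + [Signature("Test.A!exe", PATTERN, frozenset({"exe"}))]

plain = b"rem sample\r\n" + PATTERN + b"\r\n"  # detected as "text"
reheadered = b"MZ" + plain                      # same body, detected as "exe"

if __name__ == "__main__":
    for label, db in (("gated", GATED), ("all-formats", UNGATED),
                      ("per-format", PER_FORMAT)):
        print(label, scan(plain, db), scan(reheadered, db))
```

`format_gated` lists the definitions that would need a per-format update of the kind described in the reply; definitions carrying the "all formats" flag do not appear in it.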
