bug in NORTON ANTIVIRUS FOR WINXP

[hUNT3R]

I found a bug in NORTON ANTIVIRUS FOR WINXP

I think after testing this with 3 other pc's i think i have found a bud in product ./// NAV 2002 for winxp


demonstration
http://www.geocities.com/visitbipin/navbug.zip

______________________________________________


Test environment ...| winxp pro./admin. , 700E Mhz intel processor... Norton antivirus 2002, processor/Hard drive used > less than 10 % of its actual capacity....|... heee... it means the computer has lots of unused resource and is not overloaded with works/batch jobs...etc|

Note :-I have just tested this exploit in Norton antivirus 2002 running winxp |


Simple BACKGROUND.

ok as everybody know....
1). windows can only make certain number of directory >>> inside directory >>> inside directory... i mean to say .... ok look at this infinite loop and you will understand

________
:hUNT3r
md 1
cd 1
goto hUNT3r
____________

if a batch program is created and executed.... from the above code it seems like the program will create infinite number of directories... into an folder... again... again ... and again...
but actually that's false ... windows can't create more than 120 sub directories inside a directory so in the above code... windows will create... 1\1\1\1\1\\1\1\1\1... up to nearly 120 directories.....\1\........ if made in c:\ (root) and then it can't create and continue with the infinite loop but with a error... 'cannot find the path specified'

windows nt/xp tries it to execute on the basis of priority.... i mean to say.... it first assumes it to be *.com file and tries to execute it as *.com , then exe... chm...bat.... etc (actually i forgot the sequence) ... anyway....
so if a trojan renames itself to hUNT3r.dll and calls a bat job to execute it... win nt/xp execute's it as hUNT3r.exe .... regardless of its extension....

so the exploit begins...

HOW TO EXECUTE A VIRUS / TROJAN IN WINDOWSXP >>> RUNNING NORTON ANTIVIRUS 2002 EVEN WHEN AUTO-PROTECT IS ON ??? >>>SO THAT NORTON DON'T CLAME IT AS A VIRUS AND LET IT EXECUTE....

ok as i told above ... windows cant create more than 120 sub-directories (in fat32 <i haven't tried it on ntfs and fat... go try it...>>>

it seems amazing... but if a Trojan or virus is in the 120th { sometimes... in between 118-120th... if it is in root drive } directory or may be the last directory that windows can support....... Norton skips this file ???why??? to scan....!!! and let it execute even it is a trojan..../ virus... |ok i understand ... my English is very poor and you are bit confused.... ok .... you will understand me .. when you will extract the begin.exe .... in a folder named ' begin ' ((( it will extract in c:\ >>>root>>>let it be there where it is ... don't change the path or it won't work.... because it is properly calculated for demonstration.. ... ))) $$$ A hacking tool... not a virus... but norton calms it to be a virus...heee...will be extracted in the last directory 119th subdirectory... that windows supports}}} ... double click the begin.bat... it will start a batch program and call the hacking tool to execute... if you do a virus scan manually ... i am 100 % sure Norton clams it to be a hack.tool <<< but but when it executes ... norton remains silent... so guess what...???

you can ship trojan or port bombers to your network (running winxp with nav 202) ... and execute it without the notification of admin..../nav because i am sure you don't have right to disable antivirus and antivirus don't allow you to run such program (temporarily) in your network right....

have fun....

[hUNT3RRR]

Secuerity-focus.com SUCK's!

I was wondering why The NAV 2002 bug/exploit discoverd by me [archived with few other bugs too...] was not published in securityfocus.com and made PUBLIC
http://www.blackcode.com/forums/viewtopic.php?t=4963

I did got few email's from them but i didn't see the bug on their website...

Here is the answer...

http://www.blackcode.com/news/view.php?id=396

Victims have included the Washington-based SANS Institute, which offers security training for technology professionals; Security Focus, now owned by Symantec Corp.; and Attrition.org, a site run by experts who formerly tracked computer break-ins. Other victims included McDonald's Corp. and the online security department for Exodus Communications Inc., now part of London-based Cable & Wireless plc.
[Yap, 9'th paragraph...] :?

sorry i didn't mean to use that foul language... I finally realised it's antionline.com

sorry, mods...