October 29th, 2005, 01:33 PM
#1
Defeating AV
Andrey Bayora (GCIH, dontja know) has released an advisory regarding an insertion-style attack to slide certain malicious content past many antivirus products.
http://www.securityelf.org/magicbyteadv.html and the accompanying white paper
http://www.securityelf.org/magicbyte.html
describe fooling text-parsing routines by prepending executable-looking file headers. The additional data is ignored by the victim's system, while the A/V sees it and stops evaluating the file before encountering the malicious script, code, etc. Andrey has let us know he has been contacted by some vendors, and that he is aware that Trend has issued a letter to their customers on this issue.
http://isc.sans.org/diary.php?storyid=794
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System
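An added example, not part of the original post or the advisory: a scanner-side check that validates file structure instead of trusting the leading magic bytes, so a file with a fake header still gets its text and script passes. It assumes the spoofed header is the DOS/PE "MZ" magic (the post does not name the header type); the function names, pass labels and sample bytes are constructed for illustration.

```python
import struct

MZ = b"MZ"            # DOS/PE magic (assumed header type for this example)
PE_SIG = b"PE\0\0"
E_LFANEW_OFF = 0x3C   # DOS header field holding the PE header offset

def is_structurally_pe(data: bytes) -> bool:
    """True only when the MZ magic leads to a real PE signature."""
    if len(data) < 0x40 or data[:2] != MZ:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFF)
    # An out-of-range offset yields an empty slice, which fails the compare.
    return data[e_lfanew:e_lfanew + 4] == PE_SIG

def header_mismatch(data: bytes) -> bool:
    """Magic bytes claim 'executable' but the structure does not back it up."""
    return data[:2] == MZ and not is_structurally_pe(data)

def scan_plan(data: bytes) -> list:
    """Pick scan passes from validated structure, never from magic alone."""
    if is_structurally_pe(data):
        return ["pe"]
    passes = ["text", "script"]       # always inspect the full content
    if header_mismatch(data):
        passes.append("alert:header-mismatch")
    return passes

# Constructed samples (harmless bytes, built here for the example)
_dos = MZ + b"\0" * 0x3A + struct.pack("<I", 0x40)
REAL_PE = _dos + PE_SIG + b"\0" * 20
FAKE_HEADER = MZ + b"<html><body>plain text after a fake header</body></html>"
PLAIN_TEXT = b"<html><body>ordinary page</body></html>"

if __name__ == "__main__":
    for name, blob in [("real", REAL_PE), ("fake", FAKE_HEADER), ("plain", PLAIN_TEXT)]:
        print(name, scan_plan(blob))
```

A header mismatch is worth logging on its own, since ordinary text or script files have no reason to begin with an executable magic.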