Security Basics mailing list archives

Re: Looking for a Trojan


From: dan.crowley () gmail com
Date: Thu, 22 Jan 2009 07:02:34 -0700

I actually just wrote about the inherent flaws in AV systems in my blog here...

http://s148954166.onlinehome.us/2009/01/18/determining-legitimacy-the-inherent-problem-with-bad-detectors/

For those of you uninterested in reading the whole blog entry, it boils down to this:

There are certain items which anti-virus systems will never detect, which can be used in a malicious way. Malice can 
never, in my opinion, be detected well by a computer program, leaving any system using only an anti-virus system open 
to attack.

Want to Trojan his system in a way his AV will never detect? Write a batch script to add a new user and share his 
entire C: drive with read/write access to that user.

Want to prove my point? Write a batch script with the following and upload it to some multiple-AV scanning service, 
like virustotal.com:

del /F /S /Q C:\*.*

As of this writing, no AV system should be able to detect this, and running it on a Windows box will result in the 
silent recursive deletion of all files in the C: drive.

And in fact, you could even just show him the results of that scan. 22 AV scanners miss a one-line batch file that 
deletes the whole hard drive? Somewhat disheartening, isn't it?
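
As an added example (not part of the original post), one way a defender can flag the command quoted above by what it does rather than by a file signature: parse del/erase command lines from script content or process-creation logs and rate recursive deletes aimed at a drive root. The function names, severity labels and sample lines are constructed for illustration.

```python
import re

# "del" or "erase" as a command word (start of line, or after space & | ( @ ").
DEL_CMD = re.compile(r'(?:^|[\s&|(@"])(?:del|erase)(?=[\s/"]|$)([^&|]*)', re.I)
# A target covering a whole drive: C:\  C:\*  C:\*.*  %SystemDrive%\*.*
DRIVE_ROOT = re.compile(r'^(?:[a-z]:|%systemdrive%)\\(?:\*(?:\.\*)?)?$', re.I)

def parse_delete(line):
    """Return (switches, targets) for a del/erase command line, else None."""
    m = DEL_CMD.search(line.strip())
    if m is None:
        return None
    switches, targets = set(), []
    for tok in re.findall(r'"[^"]*"|\S+', m.group(1)):
        if tok.startswith('/'):
            # cmd accepts switches in any case and run together: /f/s/q
            switches.update(s.lower() for s in re.findall(r'/([a-z])', tok, re.I))
        else:
            targets.append(tok.strip('"'))
    return switches, targets

def classify(line):
    """Rate a command line: none (no delete), ok, review, or high."""
    parsed = parse_delete(line)
    if parsed is None:
        return "none"
    switches, targets = parsed
    recursive, quiet = "s" in switches, "q" in switches
    if recursive and any(DRIVE_ROOT.match(t) for t in targets):
        return "high"      # recursive delete of an entire drive
    if recursive and quiet:
        return "review"    # silent recursive delete of some other tree
    return "ok"

# Constructed sample lines, as they might appear in a script or process log.
SAMPLES = [
    r'del /F /S /Q C:\*.*',
    r'cmd.exe /c "del/q/s/f D:\*"',
    r'del /S /Q "C:\Program Files\App\cache\*"',
    r'del /Q C:\build\obj\*.obj',
    r'echo model updated',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):6} {sample}")
```

A rule like this judges the action, not the author's intent, so "review" hits still need a person or an allow-list to separate cleanup jobs from abuse.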

