Security Basics mailing list archives
Re: Looking for a Trojan
From: dan.crowley () gmail com
Date: Thu, 22 Jan 2009 07:02:34 -0700
I actually just wrote about the inherent flaws in AV systems in my blog here...

http://s148954166.onlinehome.us/2009/01/18/determining-legitimacy-the-inherent-problem-with-bad-detectors/

For those of you uninterested in reading the whole blog entry, it boils down to this: There are certain items which anti-virus systems will never detect, which can be used in a malicious way. Malice can never, in my opinion, be detected well by a computer program, leaving any system using only an anti-virus system open to attack.

Want to Trojan his system in a way his AV will never detect? Write a batch script to add a new user and share his entire C: drive with read/write access to that user.

Want to prove my point? Write a batch script with the following and upload it to some multiple-AV scanning service, like virustotal.com:

    del /F /S /Q C:\*.*

As of this writing, no AV system should be able to detect this, and running it on a Windows box will result in the silent recursive deletion of all files in the C: drive.

And in fact, you could even just show him the results of that scan. 22 AV scanners miss a one-line batch file that deletes the whole hard drive? Somewhat disheartening, isn't it?