Dailydave mailing list archives

Stealth.


From: Dave Aitel <dave () immunitysec com>
Date: Mon, 19 Sep 2005 20:00:50 -0400


Here's another shellcode paper for people who like that sort of thing: http://www.ngssoftware.com/papers/WritingSmallShellcode.pdf

It's good, although it will fail on certain 2k/XP configurations with a . in the pathname. To correct it, might need some more bytes to do a getsystemdir and strcpy, etc. I have some really non-optimized code in Shellcoder's that does that. I would also have added a 7. Consider using a special purpose assembler that brute forces the smallest way to assemble it.

If everyone knows what you look like, your only option for stealth is to try to make everyone look like you.

-dave

