funsec mailing list archives
RE: Overloading AV software, try #2
From: "Richard M. Smith" <rms () bsf-llc com>
Date: Fri, 7 Jul 2006 16:47:36 -0400
The goal of the 200 warning messages is to get someone to turn off their AV software and not to immediately infect their machine.

Richard

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Friday, July 07, 2006 4:38 PM
To: Richard M. Smith
Cc: 'FunSec LList'
Subject: Re: [funsec] Overloading AV software, try #2

On Fri, 07 Jul 2006 16:24:53 EDT, "Richard M. Smith" said:

> My question is about overloading the user with warning messages, not
> DoSing a box. Let me try asking my question a different way. If an AV
> software package suddenly sees 200 virus files being written to a hard
> drive, will it present to the user 200 individual warning messages about
> these virus files?

Depends on its design. At that point, the more important question is how/why the source is able to write 200 files that could potentially be viruses onto the disk - that indicates a massive sandbox failure on the part of the MUA or browser or whatever.

(And yes, I know it's *theoretically* possible that a webpage have 200 alleged jpeg's on it that have malformed headers that cause a buffer overrun and a code exploit - but if you have *that*, you just want to send *one* so you can try to fly under the wire...)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.