Full Disclosure mailing list archives

Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]


From: bipin gautam <visitbipin () yahoo com>
Date: Sat, 2 Oct 2004 10:57:52 -0700 (PDT)

 
> OK. I just wrote a new super antivirus. Its databases currently consist of only the eicar.com signature (I'm very new in this business), but it 100% detects EICAR in the file with removed permissions :)
>
> http://www.security.nnov.ru/files/antieicar.zip
>
> Now, there is at least one antivirus to break your statement :)



Good example, 3APA3A, to teach those software companies how to.

Anyways... here is an archive:

http://www.geocities.com/visitbipin/antiPOC.zip

Extract the archive by using the "DEFAULT ZIP MANAGER" of Windows XP. It will create a file "NULL.con" (O; within which there is an "eicar test string file".

I don't think your super AV will detect the "eicar test string file" within the "NULL.con" folder??? :)

Anyways... let me know HOW, when you figure out how to delete the "NULL.con" directory.



> You can add Kaspersky 4.5x to the list of products you can bypass this way. Previous KAV 4.0 versions (and 3.x versions, actually it was the F-Secure engine) had a kernel driver and it was used during manual scan, probably these versions are not vulnerable. I haven't seen 5.x yet, but it is expected to be vulnerable too.
>
> F-Secure (at least older versions) should not be vulnerable, but I didn't test.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
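The failure mode the thread is arguing about is a manual scanner that cannot open a file (removed permissions, odd directory names) and silently treats it as if it were not there. As an added illustration, not code from this thread or from either antivirus mentioned, here is a minimal user-mode scanner in Python that walks a tree for the EICAR signature and reports files it cannot open as "unreadable" instead of dropping them; the sample tree ("NULL.con/eicar.com" and "readme.txt") and the permission-denying opener are constructed here to make the run reproducible without depending on the OS ACL model. The `skip_unreadable` switch reproduces the bypass behaviour for comparison. Whether a product can read such files at all (3APA3A attributes that to a kernel driver used during manual scan) is a separate question this example does not model.

```python
import os
import shutil
import tempfile

# EICAR test signature, assembled from two pieces so this source file is
# not itself matched by scanners that look for the literal string.
EICAR = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
    + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
).encode()

# Toy signature database: name -> byte pattern.
SIGNATURES = {"EICAR-Test-File": EICAR}


def scan_file(path, opener=open):
    """Return 'infected:<name>', 'clean' or 'unreadable:<exception class>'."""
    try:
        with opener(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:  # PermissionError is a subclass of OSError
        return "unreadable:%s" % exc.__class__.__name__
    for name, sig in SIGNATURES.items():
        if sig in data:
            return "infected:%s" % name
    return "clean"


def scan_tree(root, opener=open, skip_unreadable=False):
    """Walk root and return {relative path with '/' separators: verdict}.

    skip_unreadable=True reproduces the bypass: files the scanner cannot
    open are left out of the report entirely, so the caller sees no
    difference between 'clean' and 'never looked at'.
    """
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            verdict = scan_file(full, opener)
            if skip_unreadable and verdict.startswith("unreadable"):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            results[rel] = verdict
    return results


def build_sample_tree():
    """Constructed sample tree: one EICAR file in a nested folder, one clean file."""
    root = tempfile.mkdtemp(prefix="avscan-")
    nested = os.path.join(root, "NULL.con")  # assumed folder name, from the thread
    os.mkdir(nested)
    with open(os.path.join(nested, "eicar.com"), "wb") as fh:
        fh.write(EICAR)
    with open(os.path.join(root, "readme.txt"), "wb") as fh:
        fh.write(b"nothing to see here\n")
    return root


def denying_opener(blocked_name):
    """Opener that refuses one file name, simulating removed permissions.

    Used instead of chmod 000 because a root/administrator process would
    still be able to read the file and the demonstration would not hold.
    """
    def _open(path, mode="rb"):
        if os.path.basename(path) == blocked_name:
            raise PermissionError(13, "Access is denied", path)
        return open(path, mode)
    return _open


def cleanup(root):
    """Remove the constructed sample tree."""
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    root = build_sample_tree()
    print("honest report:   ", scan_tree(root, opener=denying_opener("eicar.com")))
    print("bypassed report: ", scan_tree(root, opener=denying_opener("eicar.com"),
                                         skip_unreadable=True))
    cleanup(root)
```

The honest report lists "NULL.con/eicar.com" as "unreadable:PermissionError", which an operator can act on; the bypassed report simply omits the entry, which is what lets an unreadable file sit undetected on a "clean" system.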