funsec mailing list archives

Re: Overloading AV software, was Question about Viruses


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Fri, 7 Jul 2006 14:01:05 -0400

On 7/7/06, Richard M. Smith <rms () bsf-llc com> wrote:
>>> But for the most part massimo is right, it's a dumb strategy

> Hmm, what if the bad guys overloaded a user with virus warning messages as a
> strategy to get people to turn off their AV software?  For example, could a
> Web page download a few hundred image files with known virus signatures
> tacked on the end of each file in order to make AV software go nuts?  Could
> the same trick be used in an HTML email message?
>
> I already have an HTML application that is triggering false positives in
> Symantec because Symantec thinks a bit of VBScript code I wrote is
> malicious code.

That's what you get for using Symantec ;-)

If you want to stop this, just cut and paste half of the .vbs code
into two different txt files and then scan copies of each to see which
one is detected, then repeat this with a copy of the txt file that was
identified as a virus until you get to the smallest bit of code that
is still "detected" as a virus.

Change the code and voilà, no more virus :-)

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.