funsec mailing list archives
RE: Overloading AV software, was Question about Viruses
From: Peter Kosinar <goober () nuf ksp sk>
Date: Fri, 7 Jul 2006 20:05:04 +0200 (CEST)
Hello,
Hmm, what if the bad guys overloaded a user with virus warning messages as a strategy to get people to turn off their AV software. For example, could a Web page download a few hundred image files with known virus signatures tacked on the end of each file in order to make AV software go nuts? Could the same trick be used in an HTML email message?
Why would the user -want- to visit such a page so much that he'd turn the AV off instead of just not visiting the evil page again? (well, this is based on the weak assumption of at least a bit of common sense in common users, but still...).
On the other hand, smuggling virus "signatures" at the end of image files shouldn't cause alarms, unless the AV in question is particularly brain-dead. Though, why smuggle just the "signatures" when you can load the whole pieces of genuine malware?
As far as the HTML emails are concerned -- shouldn't a good AV simply respond by asking the user if he just wants to remove the evil mail?
I already have an HTML application that is triggering false positives in Symantec because Symantec thinks a bit of VBScript code I wrote is malicious code.
Peter
--
[Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.