funsec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Overloading AV software, was Question about Viruses

From: Peter Kosinar <goober () nuf ksp sk>
Date: Fri, 7 Jul 2006 20:05:04 +0200 (CEST)
Hello,


Hmm, what if the bad guys overloaded a user with virus warning messages as a
stratergy to get people to turn off their AV software.  For example, could a
Web page download a few hundred image files with known virus signatures
tacked on the end of each file in order to make AV software go nuts?  Could
the same trick be used in an HTML email message?
Why would the user -want- to visit such a page so much that he'd turn the AV off instead of just not visiting the evil page again? (well, this is based on the weak assumption of at least a bit of common sense in common users, but still...).
On the other hand, smuggling virus "signatures" at the end of image files shouldn't cause alarms, unless the AV in question is particularly brain-dead. Though, why smuggle just the "signatures" when you can load the whole pieces of genuine malware?
As far as the HTML emails are concerned -- shouldn't a good AV simply respond by asking the user if he just wants to remove the evil mail? 


I already have an HTML application that is triggering false positives in
Symantec because Symantec thinks a bit of VBScript code I wrote is a
malicious code.


Peter

--
[Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: