funsec mailing list archives
Re: Overloading AV software, was Question about Viruses
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Fri, 7 Jul 2006 16:55:15 -0400
On 7/7/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
> On Fri, 07 Jul 2006 13:34:08 EDT, "Richard M. Smith" said:
> > >>> But for the most part massimo is right, it's a dumb strategy
> >
> > Hmm, what if the bad guys overloaded a user with virus warning messages as a
> > strategy to get people to turn off their AV software. For example, could a
> > Web page download a few hundred image files with known virus signatures
> > tacked on the end of each file in order to make AV software go nuts? Could
> > the same trick be used in an HTML email message?
>
> The system just goes 'Oink' or maybe casters-up. The basic idea of using a
> fork bomb or other resource consumer to DoS a box has been known since the
> mid 60s, not exactly news here.. ;)
>
> The system will either eventually scan all the content or bomb out - I don't
> know of *anybody* who has a product so brain dead that it will say "Wow, I've
> got 48 waiting to be scanned, let's just start giving them a free pass so I
> don't fall behind" (if anybody knows of one that bad, please name names so we
> can add some chlorine to the AV gene pool...)
>
> We had a nasty run-in with some malware that nested its zip payload down
> under multiple levels of MIME. Seems when it was more than 99 levels down,
> things got wonky and piggy. And even more wonky and piggy when you had
> several thousand of the beasts in the queue. (Yes, we whinged at the vendor,
> and they sent us a patch to make it a lot less a bacon source...)

The zip-bomb? I seem to remember McAfee or Symantec doing that
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
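
The two points quoted in the message above (a scanner that falls behind must not wave content through, and deeply nested MIME makes scanning expensive) can be combined in a pre-scan triage step. This is an added example, not code from any poster or vendor in the thread; the budget values and the names `triage`, `nested` and `wide` are assumptions, and the sample messages are constructed.

```python
from dataclasses import dataclass
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

MAX_DEPTH = 32    # assumed policy value, not from the thread
MAX_PARTS = 1000  # assumed policy value, not from the thread

@dataclass
class Verdict:
    action: str  # "scan" or "quarantine"
    reason: str
    leaves: int  # leaf parts counted before the decision

def triage(msg: Message, max_depth=MAX_DEPTH, max_parts=MAX_PARTS) -> Verdict:
    """Walk the MIME tree with an explicit stack and fixed budgets.
    Exceeding a budget quarantines the message; it is never passed unscanned."""
    stack = [(msg, 0)]
    seen = leaves = 0
    while stack:
        part, depth = stack.pop()
        seen += 1
        if depth > max_depth:
            return Verdict("quarantine", f"nesting deeper than {max_depth}", leaves)
        if seen > max_parts:
            return Verdict("quarantine", f"more than {max_parts} parts", leaves)
        if part.is_multipart():
            stack.extend((child, depth + 1) for child in part.get_payload())
        else:
            leaves += 1
    return Verdict("scan", "within budget", leaves)

def nested(levels: int) -> Message:
    """Constructed sample: one text leaf under `levels` multipart containers."""
    node = MIMEText("hello")
    for _ in range(levels):
        outer = MIMEMultipart()
        outer.attach(node)
        node = outer
    return node

def wide(count: int) -> Message:
    """Constructed sample: one container holding `count` text leaves."""
    root = MIMEMultipart()
    for i in range(count):
        root.attach(MIMEText(f"part {i}"))
    return root

if __name__ == "__main__":
    for name, m in [("nested(3)", nested(3)), ("nested(120)", nested(120)), ("wide(1500)", wide(1500))]:
        print(name, triage(m))
```

Because the walk is iterative and stops at the first exceeded budget, the cost per message is bounded regardless of how many such messages sit in the queue.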