lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 05 Mar 2005 13:05:55 +0100
From: "Vincent DUVERNET (Nolmë Informatique)" <vincent.duvernet@...me.com>
To: Andrey Bayora <andrey@...denbit.org>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: Bypass of 22 Antivirus software with GDI+ bug
 exploit Mutations - part 2


Symantec found something that other editor didn't ? Whoaw, impressive 
for a software which let go throw 700 malwares on PC ;p

About Panda Software version, you've used on old version of Internet 
Security 2004 which is actually : 8.05.02 (don't found anything too)
Internet security 2005 is : 9.01.02


Andrey Bayora wrote:

>The first part is here:
>http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0475.html
>
>First, this post isn’t about “how dangerous GDI+ bug or malicious JPEG
>image”, but “how good” is your antivirus software.
>
>The issue is: only 1 out of 23 tested antivirus software can detect
>malicious JPEG image (after 6 month from the public disclosure date).
>
>Here is the link to results, JPEG file and my paper (GCIH practical)
>that describes how to create this one:
>http://www.hiddenbit.org/jpeg.htm
>
>This one vendor (Symantec) that can detect it, obviously do it with the
>“heuristic” detection (I don’t work for them and didn’t send them any
>file, moreover I know cases when Symantec didn’t detect a virus that
>“other” vendors do).
>ClamAV antivirus detected this JPEG file 4 month ago, but strangely
>can’t detect it now.
>What happened?
>What about 22 antivirus software vendors that miss this malicious JPEG?
>The pattern or problem in these JPEG files is known and still many
>antivirus software vendors miss it, did it can represent the quality of
>heuristic engines?
>
>OK, we know that any antivirus software can provide 100% protection…
>
>P.S.  After my first post (October 14,2004) about this problem – all
>antivirus software vendors added detection to the demo file provided by
>me in couple of hours. Sadly for me, but it seems that they prefer
>“playing cat and mouse” and not improve heuristic engines…
>
>Regards,
>Andrey Bayora.
>CISSP, GCIH
>
>  
>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ