Open Source and information security mailing list archives
 
From: "Vincent DUVERNET (Nolmë Informatique)"
Subject: Re: Bypass of 22 Antivirus software with GDI+ bug exploit Mutations - part 2

Symantec found something that other editors didn't? Whoa, impressive 
for software which lets 700 pieces of malware go through on a PC ;p

About the Panda Software version, you've used an old version of Internet 
Security 2004, which is actually: 8.05.02 (didn't find anything either)
Internet Security 2005 is: 9.01.02


Andrey Bayora wrote:

>The first part is here:
>http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0475.html
>
>First, this post isn't about "how dangerous GDI+ bug or malicious JPEG
>image", but "how good" is your antivirus software.
>
>The issue is: only 1 out of 23 tested antivirus software can detect
>the malicious JPEG image (6 months after the public disclosure date).
>
>Here is the link to results, JPEG file and my paper (GCIH practical)
>that describes how to create this one:
>http://www.hiddenbit.org/jpeg.htm
>
>This one vendor (Symantec) that can detect it obviously does it with the
>"heuristic" detection (I don't work for them and didn't send them any
>file; moreover, I know cases when Symantec didn't detect a virus that
>"other" vendors do).
>ClamAV antivirus detected this JPEG file 4 months ago, but strangely
>can't detect it now.
>What happened?
>What about 22 antivirus software vendors that miss this malicious JPEG?
>The pattern or problem in these JPEG files is known and still many
>antivirus software vendors miss it; can it represent the quality of
>heuristic engines?
>
>OK, we know that any antivirus software can provide 100% protection?
>
>P.S.  After my first post (October 14, 2004) about this problem - all
>antivirus software vendors added detection for the demo file provided by
>me in a couple of hours. Sadly for me, but it seems that they prefer
>"playing cat and mouse" and not improving heuristic engines?
>
>Regards,
>Andrey Bayora.
>CISSP, GCIH
>
>  
>



