Message-ID: <9E8559B1F0051F4DAB5B31FD372402580316EF06@haydn.cti.depaul.edu>
Date: Fri Oct 28 01:43:53 2005
From: cosmin at cti.depaul.edu (Stejerean, Cosmin)
Subject: RE: Full-Disclosure Digest, Vol 8, Issue 48
>> If your altered virus sample
>> still executes correctly, you have simply created a new virus
>> variant.
>
>Not exactly, please look at this virustotal.com log
>http://www.securityelf.org/updmagic.html
>
>The altered (120 bytes prepended) TXT_* variant is STILL detected by your
>product (CA), but when I change the first byte from "Z" to "M" - your product
>fails (MZ_* variant).

The virus scanner determined the type of the file by the header and it
failed. That's bad news. I am wondering however, when I execute that file,
how does the OS process the file? I guess my question is, if I have a
modified version of a virus, with whatever header, if I try to execute that
file, will the virus code get executed?

Cosmin Stejerean
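
Added example, not part of the original message or of any product discussed in the thread: a Python sketch contrasting file typing by the first two bytes with a structural check of the two fields that mark a Windows PE image (`MZ` at the start, `e_lfanew` at 0x3C pointing to `PE\0\0`), plus a scan for PE images at non-zero offsets. The sample buffers are constructed, and the `Z` filler used for the 120 prepended bytes is an assumption; the thread does not say what the prefix contained.

```python
import struct

E_LFANEW_OFF = 0x3C  # offset of e_lfanew inside IMAGE_DOS_HEADER


def header_type(data):
    """Naive typing: look at the first two bytes only."""
    return "MZ" if data[:2] == b"MZ" else "other"


def is_pe_at(data, base=0):
    """True if an MZ header at `base` points to a PE signature."""
    if data[base:base + 2] != b"MZ" or len(data) < base + E_LFANEW_OFF + 4:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, base + E_LFANEW_OFF)
    pe = base + e_lfanew
    return data[pe:pe + 4] == b"PE\x00\x00"  # out-of-range slice is empty


def embedded_pe_offsets(data):
    """Every offset where a structurally consistent MZ/PE header starts."""
    offsets, pos = [], data.find(b"MZ")
    while pos != -1:
        if is_pe_at(data, pos):
            offsets.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return offsets


# Constructed sample: a 64-byte DOS header whose e_lfanew is 0x40, followed
# by a PE signature and a zeroed placeholder header. Not a real executable.
SAMPLE = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\x00\x00" + bytes(20)

# Constructed variants mirroring the thread: 120 bytes prepended (filler is
# an assumption), then the same buffer with its first byte changed to "M".
TXT_VARIANT = b"Z" * 120 + SAMPLE
MZ_VARIANT = b"M" + TXT_VARIANT[1:]

if __name__ == "__main__":
    for name, buf in [("original", SAMPLE), ("TXT_*", TXT_VARIANT),
                      ("MZ_*", MZ_VARIANT)]:
        print(name, header_type(buf), is_pe_at(buf), embedded_pe_offsets(buf))
```

For the constructed `MZ_*` buffer the first two bytes read `MZ`, yet `e_lfanew` at offset 0x3C falls inside the filler and points nowhere valid, while the intact image is still found at offset 120.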