| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9E8559B1F0051F4DAB5B31FD372402580316EF06@haydn.cti.depaul.edu> Date: Fri Oct 28 01:43:53 2005 From: cosmin at cti.depaul.edu (Stejerean, Cosmin) Subject: RE: Full-Disclosure Digest, Vol 8, Issue 48 >> If your altered virus sample ?> still executes correctly, you have simply created a new virus ?> variant. > >Not exactly, please look at this virustotal.com log >http://www.securityelf.org/updmagic.html > >The altered (120 bytes prepended) TXT_* variant is STILL detected by your >product (CA), but when I change the first byte from "Z" to "M" - your >product >fails (MZ_* variant). The virus scanner determined the type of the file by the header and it failed. That's bad news. I am wondering however, when I execute that file, how does the OS process the file? I guess my question is, if I have a modified version of a virus, with whatever header, if I try to execute that file, will the virus code get executed? Cosmin Stejerean -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3726 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051027/2506e5f8/smime.bin
Powered by blists - more mailing lists