Multiple anti-virus software evasion
Multiple Anti-virus software evasion
Anti-virus software from McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV are known to be vulnerable to an evasion attack where the attacker is able to craft a compressed file (zip) with malicious code and evade the scanning by anti-virus software.
The problem is caused by incorrect handling of header information within the zip file. Some anti-virus software would skip the scan for files that has zero size as indicated by the header. The header size information does not affect the decompression of the zip file.
Reference: http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true
Keep chasing Botnets
We have received numerous submissions of Botnets and we are working with authorities to shut them down. Thanks to all who have submitted info to us. If you have any info on Botnets, feel free to send it in.
------------------
Jason Lam, jason /AT/ networksec.org
Anti-virus software from McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV are known to be vulnerable to an evasion attack where the attacker is able to craft a compressed file (zip) with malicious code and evade the scanning by anti-virus software.
The problem is caused by incorrect handling of header information within the zip file. Some anti-virus software would skip the scan for files that has zero size as indicated by the header. The header size information does not affect the decompression of the zip file.
Reference: http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true
Keep chasing Botnets
We have received numerous submissions of Botnets and we are working with authorities to shut them down. Thanks to all who have submitted info to us. If you have any info on Botnets, feel free to send it in.
------------------
Jason Lam, jason /AT/ networksec.org
Keywords:
0 comment(s)
My next class:
Cloud Security for Leaders | Washington | Dec 13th - Dec 17th 2024 |
×
Diary Archives
Comments