Multiple Anti-virus software evasion

Anti-virus software from McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV is known to be vulnerable to an evasion attack in which the attacker crafts a compressed (zip) file containing malicious code that evades scanning by the anti-virus software.


The problem is caused by incorrect handling of header information within the zip file. Some anti-virus software skips scanning files whose size is recorded as zero in the zip header. The size fields in the header do not affect decompression of the zip file, so the archive still extracts its full contents.
Reference: http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true
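A defender-side check for the inconsistency described above, added here as an example (it is not code from the diary or from the iDefense advisory). It walks a zip's local file headers, decompresses each deflated entry without trusting the declared sizes (a deflate stream marks its own end), and reports entries whose real length contradicts the header. The build_sample helper, the notes.txt name and SAMPLE_TEXT are constructed fixtures.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"
# sig, version, flags, method, mtime, mdate, crc32, compressed_size, uncompressed_size, name_len, extra_len
LOCAL_FMT = "<4sHHHHHIIIHH"
LOCAL_LEN = struct.calcsize(LOCAL_FMT)  # 30 bytes
SAMPLE_TEXT = "harmless sample text, repeated " * 8  # constructed payload


def find_size_mismatches(data: bytes) -> list:
    """Walk every local file header and decompress the entry without trusting
    the declared sizes; report entries whose real size contradicts the header."""
    findings, pos = [], 0
    while (pos := data.find(LOCAL_SIG, pos)) >= 0:
        (_, _, flags, method, _, _, crc, csize, usize,
         nlen, xlen) = struct.unpack_from(LOCAL_FMT, data, pos)
        name = data[pos + LOCAL_LEN:pos + LOCAL_LEN + nlen].decode("utf-8", "replace")
        start = pos + LOCAL_LEN + nlen + xlen
        if method == 8:  # deflate: the stream itself says where it ends
            d = zlib.decompressobj(-15)
            plain = d.decompress(data[start:])
            consumed = len(data) - start - len(d.unused_data)
        elif method == 0:  # stored: only the header tells us the length
            plain, consumed = data[start:start + csize], csize
        else:
            pos = start
            continue
        if len(plain) != usize:
            findings.append({"name": name, "declared": usize, "actual": len(plain),
                             # bit 3 set means sizes legitimately live in a trailing data
                             # descriptor; consult the central directory before alarming
                             "deferred": bool(flags & 0x08),
                             "crc_ok": zlib.crc32(plain) == crc})
        pos = start + consumed
    return findings


def build_sample(tamper: bool = True) -> bytes:
    """Constructed fixture: a one-entry deflated zip. With tamper=True the first local
    header's uncompressed_size field (offset 22) is zeroed; the deflate stream is untouched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", SAMPLE_TEXT)
    data = bytearray(buf.getvalue())
    if tamper:
        struct.pack_into("<I", data, 22, 0)
    return bytes(data)
```

A scanner that short-circuits on a declared size of zero would skip notes.txt in the tampered fixture, while this check reports it with declared size 0 against its true length and a valid CRC, and reports nothing for the clean fixture.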
Keep chasing Botnets

We have received numerous submissions of Botnets and we are working with authorities to shut them down. Thanks to all who have submitted info to us. If you have any info on Botnets, feel free to send it in.


------------------

Jason Lam, jason /AT/ networksec.org
ISC Handler