
Re: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through



In message <019d01c5d96c$87e6ea80$0501a8c0@home>, Andrey Bayora <andrey@xxxxxxxxxxxxxxx> writes
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through
forged magic byte.

Interesting.

Have you considered the possibility that some vendors at least may include with each virus signature a set of file formats for which the signature is valid, or just a flag to signify "all formats"?

If so, then the vendors will consider themselves not vulnerable; they can simply update their virus definitions when and if variants with different headers appear.

Even with 1:1 file format signatures, a vendor could presumably include multiple virus definitions for one virus, one per file format, as required.

...

For more details, screenshots and examples please read my article "The Magic
of magic byte" at www.securityelf.org
...
--
Dave English                      Senior Software & Systems Engineer
                             Internet Platform Development, Thus plc
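Added example, not from the original post or either author: a toy Python scanner modelling the two scoping strategies the reply describes (a per-signature set of valid file formats versus an "all formats" flag, plus one definition per format), run against a constructed sample whose sniffed magic bytes do not match its body. The magic table, format names, signature name and payload pattern are all constructed placeholders.

```python
from dataclasses import dataclass

# Constructed magic-byte table used to sniff the container format.
MAGIC = {b"MZ": "pe", b"PK\x03\x04": "zip", b"%PDF": "pdf"}
ALL = "all"  # flag meaning "signature is valid for every format"


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes
    formats: frozenset  # formats the signature is valid for, or {ALL}


def sniff_format(data: bytes) -> str:
    """Identify the format purely from leading magic bytes, as the reply assumes."""
    for magic, fmt in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return "unknown"


def scan(data: bytes, sigs) -> list:
    """Return names of signatures that fire on `data`.

    A signature is applied only when the sniffed format is in its format set,
    unless it carries the all-formats flag."""
    fmt = sniff_format(data)
    hits = []
    for sig in sigs:
        if (ALL in sig.formats or fmt in sig.formats) and sig.pattern in data:
            hits.append(sig.name)
    return hits


# Constructed sample: the detectable body is a placeholder string, not real code.
PAYLOAD = b"CONSTRUCTED-SAMPLE-PATTERN"
PE_SCOPED = Signature("Sample.A", PAYLOAD, frozenset({"pe"}))     # 1:1 scoping
ANY_SCOPED = Signature("Sample.A", PAYLOAD, frozenset({ALL}))     # all-formats flag
PER_FORMAT = Signature("Sample.A", PAYLOAD, frozenset({"pe", "zip"}))  # one def per format


def demo() -> dict:
    """Scan a genuine PE-labelled sample and the same body relabelled as a zip."""
    genuine = b"MZ" + b"\x00" * 6 + PAYLOAD
    relabelled = b"PK\x03\x04" + b"\x00" * 4 + PAYLOAD
    return {
        "pe_scoped": (scan(genuine, [PE_SCOPED]), scan(relabelled, [PE_SCOPED])),
        "all_flag": (scan(genuine, [ANY_SCOPED]), scan(relabelled, [ANY_SCOPED])),
        "per_format": (scan(genuine, [PER_FORMAT]), scan(relabelled, [PER_FORMAT])),
    }
```

The strictly format-scoped definition misses the relabelled body, while the all-formats flag and the per-format definition both still detect it, which is the update path the reply suggests vendors have available.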