On Mon, 29 Oct 2007, Dude VanWinkle wrote:
> Wow, just wow..
>
> from:
> http://www.beskerming.com/commentary/2007/10/29/296/When_AntiVirus_Products_(and_Internet_Explorer)_Fail_you
> http://tinyurl.com/28vtzh
>
> When Didier Stevens recently took a closer look at some Internet
> Explorer malware that he had found, something surprised him somewhat.
> He discovered that the IE-targeted malware had been obfuscated with
> null-bytes (0x00) and when run against VirusTotal, he found that fewer
> than half of the products identified the sample as malware (15 of 32).
> When all null-bytes were removed, the chances of successful detection
> improved, though not as much as would normally be expected (25 of 32
> detections).
>
> When Didier tried adding more null-bytes to the sample he found that
> the number of successful detections decreased steadily until, with 254
> 0x00 bytes between each character, McAfee was the last one standing.

<big grin>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
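
The normalisation step a scanner needs in order to resist the null-byte padding described in the quoted article, as an added example that is not part of the original post or of any product named in it. `SIGNATURE`, `scan`, `pad` and the sample buffers are constructed for illustration; the UTF-16 check is an assumption about how to separate legitimate encoding from padding.

```python
# Added example: strip NUL padding before signature matching (defensive sketch).
import re

SIGNATURE = b"EXAMPLE-MARKER"      # constructed stand-in, not a real AV signature
NUL_RUN = re.compile(rb"\x00+")
UTF16_BOMS = (b"\xff\xfe", b"\xfe\xff")


def scan(data: bytes, signature: bytes = SIGNATURE) -> dict:
    """Match the signature on raw and NUL-stripped bytes and describe the padding."""
    runs = [len(m.group()) for m in NUL_RUN.finditer(data)]
    stripped = data.replace(b"\x00", b"")
    raw_hit = signature in data
    normalised_hit = signature in stripped
    longest = max(runs, default=0)
    return {
        "raw_hit": raw_hit,
        "normalised_hit": normalised_hit,
        "nul_ratio": sum(runs) / len(data) if data else 0.0,
        "longest_nul_run": longest,
        # UTF-16 text puts one 0x00 beside each ASCII character, so a hit that
        # appears only after stripping is expected there; runs longer than one
        # byte, or a missing BOM, are not explained by the encoding.
        "padding_suspected": normalised_hit and not raw_hit
        and (longest > 1 or not data.startswith(UTF16_BOMS)),
    }


def pad(data: bytes, n: int) -> bytes:
    """Constructed test input: n NUL bytes between every byte of data."""
    return (b"\x00" * n).join(bytes([b]) for b in data)


PLAIN = b"<script>EXAMPLE-MARKER</script>"          # constructed sample
PADDED = pad(PLAIN, 254)                            # spacing quoted in the article
UTF16 = b"\xff\xfe" + PLAIN.decode("ascii").encode("utf-16-le")

if __name__ == "__main__":
    for name, buf in (("plain", PLAIN), ("padded", PADDED), ("utf16", UTF16)):
        print(name, scan(buf))
```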
