> Consequently, the issue that you describe is *not* a
> vulnerability issue, but rather just an example of a new variant
> that has not yet been added to an AV vendor's database of "known
> viruses".
>
yap, maybe* but i consider this issue equv. to the 'classic issue' of
adding NOP to the shell-c
> Especially in case of EXEs, AFAIK not all EXEs has the same 'MAGIC BYTE'
> (MZ). MZ only appears in the first two bytes of Win32 executable files.
Just for the curiosity: if you'll change "MZ" to "ZM" then the 16-bit
executables (MZ and NE executables) will still run and 32-bit (PE) executables
" <[EMAIL PROTECTED]>
Cc: "'Andrey Bayora'" <[EMAIL PROTECTED]>;
;
Sent: Thursday, October 27, 2005 8:25 AM
Subject: Re: [Full-disclosure] Multiple Vendor Anti-Virus Software
DetectionEvasion Vulnerability through forged magic byte
> > Especially in c
s @ AV Schools ;-)
Maybe...:)
>
>
> - Tr0y (www.hackingspirits.com)
>
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Andrey
> Bayora
> Sent: Tuesday, October 25, 2005 8:38 AM
> To: full-disclosure@lists.gr
TED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andrey
Bayora
Sent: Tuesday, October 25, 2005 8:38 AM
To: full-disclosure@lists.grok.org.uk
Cc: bugtraq@securityfocus.com
Subject: [Full-disclosure] Multiple Vendor Anti-Virus Software
DetectionEvasion Vulnerability through forged magic byte
Multiple Ven