> -----Original Message-----
> From: morning_wood [mailto:se_cur_ityat_private]
> Sent: Saturday, 9 August 2003 12:38 p.m.
> To: Miguel Ibarra; Levinson, Karl; 'Drew Weaver';
> incidentsat_private
> Subject: Re: Dig in: autorooter, maybe that IRC one but SAV
> doesnt pick it up.
>
>
> find it useful in how strings are used in detection / evasion. ( hint:
> most trojan / viri can be rendered undetectable by changing as few as one
> word / string in the server component )

Come on - a virus scanner is *much* more than 'grep-on-steroids'.
I don't know with which product you tested that. If changing a word (string) in a malicious file prevents an anti-virus product from detecting it - I'd consider that anti-virus product totally worthless.

For more information on how anti-virus products work I'd recommend an excellent book by a number of authors proven in this field:

Viruses Revealed
By C. David Harley, Robert Slade, David Harley, Urs E. Gattiker, Eugene H. Spafford

http://www.amazon.com/exec/obidos/ASIN/0072130903/qid%3D1014395845/ref%3Dsr%5F11%5F0%5F1/102-3310432-4115362

Regards,

Bojan Zdrnja
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 02:05:36 PDT