|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: strange windows behaviour.
From: Schmehl, Paul L (pauls
utdallas.edu)
Date: Thu Oct 09 2003 - 11:06:37 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> -----Original Message-----
> From: J Mike Rollins [mailto:rollinswfu.edu]
> Sent: Thursday, October 09, 2003 10:13 AM
> To: Schmehl, Paul L
> Cc: incidentssecurityfocus.com
> Subject: RE: strange windows behaviour.
>
> I have just tested the ideas expressed here and have to
> report that streams can still be a threat.
>
> When I try to make a copy of the dll stored within the
> stream, the virus scanning software does find it.
>
> However, when I run the contents of the dll stream by using
> rundll32 the program is not caught by the virus scanning
> software. And the trojan continues to execute undetected.
>
> So, I believe this to be a serious threat.
Have you sent the results of your testing to your AV vendor? It could
easily be a problem with your AV rather than a problem with the general
principle of on access scanning being able to catch the trojan.
Paul Schmehl (paulsutdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]