Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Bypass Virus Checking
From: eric () INFOBRO COM (Eric D. Williams)
Date: Thu, 3 Feb 2000 23:12:19 -0500


Another stab with a little more clarity ---

Hello all,

On a related topic.  Would it not be possible to use a similar exploit
technique, specifically concerning NAI's fine products, to establish a bogus
pagefile.sys.

For Example:
Search the system for valid HD drives: C: D: E:, etc. not removable and RW
use a (little better, maybe I'll post some code) paging a little at a time to
disk and decoding... to a drive without a pagefile.sys
Now all that is left to do is to get the system to read the code, yes? Not to
difficult considering the constant reads done to paging files.  Maybe you could
even race the thing into memory??? I believe pagefile.sys and windows.swap
files are excluded by default, and AFAIK Windows NT does not 'scan' the drive
or establish a new pagefile, that is at boot time all done by (previous)
registry configuration.  Just a thought.

The InfoBro

Eric Williams, Pres.
Information Brokers, Inc.
http://www.infobro.com/
mailto:eric () infobro com
For More Info: info () infobro com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]