mailing list archives
Re: Bypass Virus Checking
From: eric () INFOBRO COM (Eric D. Williams)
Date: Thu, 3 Feb 2000 23:12:19 -0500
Another stab with a little more clarity ---
On a related topic. Would it not be possible to use a similar exploit
technique, specifically concerning NAI's fine products, to establish a bogus
Search the system for valid HD drives: C: D: E:, etc. not removable and RW
use a (little better, maybe I'll post some code) paging a little at a time to
disk and decoding... to a drive without a pagefile.sys
Now all that is left to do is to get the system to read the code, yes? Not to
difficult considering the constant reads done to paging files. Maybe you could
even race the thing into memory??? I believe pagefile.sys and windows.swap
files are excluded by default, and AFAIK Windows NT does not 'scan' the drive
or establish a new pagefile, that is at boot time all done by (previous)
registry configuration. Just a thought.
Eric Williams, Pres.
Information Brokers, Inc.
mailto:eric () infobro com
For More Info: info () infobro com
- Re: 'cross site scripting' defenses, (continued)