Full Disclosure: Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]

[bipin gautam <visitbipin () yahoo com>]

> OK.  I  just wrote new super antivirus. It's
> databases currently consist
> from  only  eicar.com  signature  (I'm very new in
> this business) but it
> 100% detects EICAR in the file with removed
> permissions :)
>
> http://www.security.nnov.ru/files/antieicar.zip
> Now, there is at least one antivirus to break your
> statement :)

good example 3APA3A to teach those software companies
howto, 

anyways... here is a archive, 

http://www.geocities.com/visitbipin/antiPOC.zip

Extract the archive by using "DEFAULT ZIP MANAGER" of
windows xp. It will create a file "NULL.con" (O;
within which there is a "eicar test string file". 

I don't think your super AV will detect the "eicar
test string file" withing "NULL.con" folder??? :)

anyways... let me know HOW? when you figure out to how
to delete "NULL.con" directory.



 You  can  add Kaspersky 4.5x to the list of products
> you can bypass this
> way.  Previous  KAV  4.0  versions  (and  3.x 
> version,  actually it was
> F-Secure  engine)  had kernel driver and it was used
> during manual scan,
> probably  these version are not vulnerable. I didn't
> saw 5.x yet, but it
> is expected to be vulnerable too.
>
> F-Secure  (at  least  older  versions)  should  not
> be vulnerable, but I
> didn't tested.

                
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html