Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: strange windows behaviour.
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Thu, 9 Oct 2003 11:06:37 -0500
-----Original Message-----
From: J Mike Rollins [mailto:rollins () wfu edu] 
Sent: Thursday, October 09, 2003 10:13 AM
To: Schmehl, Paul L
Cc: incidents () securityfocus com
Subject: RE: strange windows behaviour.

I have just tested the ideas expressed here and have to 
report that streams can still be a threat.

When I try to make a copy of the dll stored within the 
stream, the virus scanning software does find it.

However, when I run the contents of the dll stream by using 
rundll32 the program is not caught by the virus scanning 
software.  And the trojan continues to execute undetected.

So, I believe this to be a serious threat.


Have you sent the results of your testing to your AV vendor?  It could
easily be a problem with your AV rather than a problem with the general
principle of on access scanning being able to catch the trojan.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

---------------------------------------------------------------------------
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]