James, this is the problem with AV in general and not specific to this problem.
detecting the problem & defense in depth mitigates zero-day, however,
when very basic code gets past AV this is definitely an area that
needs work.
24/04/07, James Matthews <nytrokiss_at_gmail.com> wrote:
> How can these people put out a good product against scripts where you can
> change anything and it will still work!
>
> On 4/24/07, David Kierznowski <david.kierznowski_at_gmail.com> wrote:
> >
> > Web Backdoor Compilation along with Dancho Danchev AV research has proven
> > how less-effective many of these products are when detecting web malware.
> >
> > The results are certainly not a shocker but definately an eye opener. WBC
> > has certainly demonstrated what all security researchers already know,
> this
> > area needs work!
> >
> > See: http://michaeldaw.org/news/news-042407/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> http://www.goldwatches.com/watches.asp?Brand=39
> http://www.wazoozle.com
>
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------
Received on Apr 26 2007
Intro
