[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Sophos Antivirus Advisory

To: <patrickhof@xxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Sophos Antivirus Advisory
From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
Date: Thu, 16 Jun 2005 07:04:57 -0700

> = Advisory: Sophos doesn't recognize keylogger after string alteration =
>

this technique is not new, and is quite commonly used to fool AV engines,
not just Sophos.
( and yes, Morphine works as well as commercial "executable packers")
If I recall, a certain trojan group ( now defunct ) used a simple string
change to change their standard releases to that of undetected versions they
sold ( for up to $300). I realy dont know why this is being reported here.

my2bits,
mw
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Sophos Antivirus Advisory
  - From: patrickhof

Prev by Date: Re: [Full-disclosure] Sophos Antivirus Advisory
Next by Date: Re: [Full-disclosure] Sophos Antivirus Advisory
Previous by thread: Re: [Full-disclosure] Sophos Antivirus Advisory
Next by thread: RE: [Full-disclosure] Sophos Antivirus Advisory
Index(es):
- Date
- Thread