Bugtraq mailing list archives
Re: Bypass Virus Checking
From: eric () INFOBRO COM (Eric D. Williams)
Date: Thu, 3 Feb 2000 23:12:19 -0500
Another stab with a little more clarity ---

Hello all,

On a related topic. Would it not be possible to use a similar exploit technique, specifically concerning NAI's fine products, to establish a bogus pagefile.sys?

For Example:

Search the system for valid HD drives: C: D: E:, etc. not removable and RW

use a (little better, maybe I'll post some code) paging a little at a time to disk and decoding... to a drive without a pagefile.sys

Now all that is left to do is to get the system to read the code, yes? Not too difficult considering the constant reads done to paging files. Maybe you could even race the thing into memory???

I believe pagefile.sys and windows.swap files are excluded by default, and AFAIK Windows NT does not 'scan' the drive or establish a new pagefile, that is at boot time all done by (previous) registry configuration.

Just a thought.

The InfoBro
Eric Williams, Pres.
Information Brokers, Inc.
http://www.infobro.com/
mailto:eric () infobro com
For More Info: info () infobro com
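
A defensive check for the scenario raised in the message above, as an added example that is not part of the original post: it lists any pagefile.sys in the root of a fixed disk that Windows is not currently using as a paging file, which is the kind of file a name-based scanner exclusion would skip. It assumes a current Windows system with PowerShell 3.0 or later; the function name `Find-StrayPageFile` is hypothetical.

```powershell
# Added example (not from the original post). Assumes PowerShell 3.0+ on Windows.
# Reports any pagefile.sys in the root of a fixed disk that the memory
# manager is not currently using as a paging file.
function Find-StrayPageFile {
    # Paging files Windows has open right now, e.g. "C:\pagefile.sys".
    $active = @(Get-CimInstance -ClassName Win32_PageFileUsage |
                Select-Object -ExpandProperty Name)

    # DriveType 3 = local fixed disk; removable and network drives are skipped.
    $disks = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3'

    foreach ($disk in $disks) {
        $root = $disk.DeviceID + '\'

        # -Force is required: paging files carry the hidden and system attributes.
        Get-ChildItem -LiteralPath $root -Filter 'pagefile.sys' -File -Force `
                      -ErrorAction SilentlyContinue |
            # -notcontains compares strings case-insensitively.
            Where-Object { $active -notcontains $_.FullName } |
            ForEach-Object {
                [pscustomobject]@{
                    Path          = $_.FullName
                    SizeBytes     = $_.Length
                    LastWriteTime = $_.LastWriteTime
                }
            }
    }
}

Find-StrayPageFile | Format-Table -AutoSize
```

A hit can also be a leftover from an earlier paging configuration, so each reported file should be reviewed and scanned by path rather than left under a filename-based exclusion.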