Full Disclosure mailing list archives
Re: Undetectable Virus from CANADA ISP 69.197.83.68
From: devis <devis () easynix net>
Date: Sun, 24 Oct 2004 16:26:25 +0200
Well its the good old trick <string>.<good known extension>[ insert numerous spaces here ].<nasty executable extension>
This relies on MS IExplore or Outlook to not show more than X characters of the file name, but as your screen shots show, its detected as a Screen saver meanijng it has a .scr extension which happens to be executable as well.
$ file details/details.txt\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ .scr
MS-DOS executable (EXE), OS/2 or MS Windows Does that tricks Hotmail / Mc Afee every time ? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Undetectable Virus from CANADA ISP 69.197.83.68 Farrukh Hussain (Oct 22)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 Andrew Smith (Oct 22)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 Joshua Levitsky (Oct 22)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 Nick FitzGerald (Oct 23)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 Paul Schmehl (Oct 22)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 devis (Oct 24)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 Danny (Oct 22)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 Barrie Dempster (Oct 23)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 Barrie Dempster (Oct 23)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 Azerail (Oct 23)
- Re: Undetectable Virus from CANADA ISP 69.197.83.68 Andrew Smith (Oct 22)