Nmap Development mailing list archives

Re: Latest dist v5.2


From: Ron <ron () skullsecurity net>
Date: Wed, 27 Jan 2010 17:32:40 -0600

On Wed, 27 Jan 2010 14:18:00 -0800
Fyodor <fyodor () insecure org> wrote:
> We should have tested :(.  Now I'm getting reports that
> nmap_services.exe triggers Panda Antivirus W32/Xor-encoded.A:
>
> http://www.cloudantivirus.com/en/threat-information/Xor-encoded.A/194318/
>
> VirusTotal finds that as well:
>
> http://www.virustotal.com/analisis/5938478eb7195e53ba408b6fc390b35f2ccff6e68b761da4a5dfab97f3164a9c-1264630143
>
> -F

Aww damn, sorry! That really sucks... 

It looks like Panda detects xor'ing by any byte. That's sort of clever, but also irritating. I tried 0xFF, 0x01, and 0x13. I'm assuming it happens for everything.

Any other suggestions on how to encode it in a simple way without triggering a/v signatures?
-- 
Ron Bowes
http://www.skullsecurity.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
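
Detection that fires for every single-byte XOR key, as reported in the message above, is what a signature built on XOR differences between adjacent bytes produces, because the key cancels out of each difference. The following is an added example, not part of the original message and not Panda's actual logic (the thread does not describe it); the marker string, function names and sample data are assumptions constructed for illustration.

```python
# Added example: key-independent detection of a single-byte-XOR-encoded PE marker.
# Assumption: one well-known approach, not the vendor's real signature.

# The DOS stub message present in most PE executables (assumed marker).
DOS_STUB = b"This program cannot be run in DOS mode"


def xor_delta(data: bytes) -> bytes:
    """XOR each byte with its successor.

    (a ^ k) ^ (b ^ k) == a ^ b, so the result is identical for every key k.
    """
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def find_xored_marker(blob: bytes, marker: bytes = DOS_STUB):
    """Return (offset, key) of the first single-byte-XOR copy of marker, or None.

    A key of 0x00 means the marker appears unencoded.
    """
    if len(marker) < 2:
        raise ValueError("marker must be at least 2 bytes long")
    # One search covers all 256 keys because the deltas do not depend on the key.
    offset = xor_delta(blob).find(xor_delta(marker))
    if offset < 0:
        return None
    # Equal deltas mean blob and marker differ by one constant byte: the key.
    key = blob[offset] ^ marker[0]
    return offset, key


def make_sample(key: int) -> bytes:
    """Constructed test input: a minimal PE-like header XORed with key."""
    plain = b"MZ\x90\x00" + b"\x00" * 60 + DOS_STUB + b".\r\r\n$"
    return bytes(b ^ key for b in plain)


if __name__ == "__main__":
    # 0xFF, 0x01 and 0x13 are the keys mentioned in the message; 0x00 is unencoded.
    for k in (0x00, 0xFF, 0x01, 0x13):
        print(hex(k), find_xored_marker(make_sample(k)))
```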

