AntiVirus Products Fail to Find Simple IE Malware

Posted by ScuttleMonkey on Monday October 29, 2007 @07:17AM from the no-surprise-here dept.

SkiifGeek writes "Didier Stevens recently took a closer look at some Internet Explorer malware that he had uncovered and found that most antivirus products that it was tested against failed to identify the malware through one of the most basic and straight forward obfuscation techniques — the null-byte. With enough null-bytes between each character of code, it is possible to fool all antivirus products (though additional software will trap it), yet Internet Explorer was quite happy to render the code. Whose responsibility is it to fix this behavior? Both the antivirus / anti-malware companies and Microsoft's IE team have something to answer for."

3 of 190 comments (clear)

Min score:

Reason:

Sort:

Re:Egads! by toadlife · 2007-10-29 13:03 · Score: 0, Flamebait

That article you linked to is utter crap.

--
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Re:Disabling Script? by mrsteveman1 · 2007-10-29 13:41 · Score: 0, Flamebait

Even Firefox has security problems when JS is involved, quit pretending like ultra secure browsers and a lack of incompetence will fix everything.

At least make the claim that you trust the sites you visit, don't pretend its ok because you're lazy.
Re:Obvious by DrSkwid · 2007-10-29 13:46 · Score: 0, Flamebait

I don't think you know how computers work.

--
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter