October 30, 2007
3:36 pm

When Didier Stevens recently took a closer look at some Internet Explorer malware he had found, one thing surprised him.

He discovered that the IE-targeted malware had been obfuscated with null bytes (0x00), which IE's parser skips over so the script still runs as intended. When the sample was run against VirusTotal, fewer than half of the products identified it as malware (15 of 32). When all null bytes were removed, the detection rate improved, though not as much as one would normally expect (25 of 32 detections).

When Didier tried adding more null bytes to the sample, the number of successful detections decreased steadily until, with 254 0x00 bytes between each character, McAfee was the last one standing.
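The following is an added example to illustrate the scanner side of this finding; it is not Didier's code nor any antivirus engine's. It reproduces the obfuscation described above (a fixed number of 0x00 bytes inserted between every byte of the script), then shows why a plain substring signature stops matching, and two ways a scanner can recover: normalising the input by stripping null bytes before matching, or compiling a signature that tolerates runs of null bytes between its characters. The script body and the signature fragment are constructed stand-ins, not a real sample; the IE-side behaviour (the parser ignoring the nulls) is stated in the text and not modelled here.

```python
import re

# Constructed stand-in for a malicious script body (not a real sample).
SAMPLE = b'<script>document.write(unescape("%3Cscript%3E"));</script>'

# Constructed byte signature: a fragment a naive scanner would look for.
SIGNATURE = b'unescape('


def interleave_nulls(data: bytes, count: int) -> bytes:
    """Insert `count` 0x00 bytes between every pair of bytes in `data`.

    Mirrors the obfuscation described in the post: the script text is
    unchanged, only padded with nulls that IE's parser skips.
    """
    if count < 0:
        raise ValueError("count must be non-negative")
    if len(data) < 2:
        return data
    filler = b'\x00' * count
    return filler.join(bytes([b]) for b in data)


def naive_scan(data: bytes, sig: bytes) -> bool:
    """Plain substring signature match, as a simplistic engine would do."""
    return sig in data


def strip_nulls(data: bytes) -> bytes:
    """Normalisation step: remove every 0x00 byte before matching."""
    return data.replace(b'\x00', b'')


def null_tolerant_pattern(sig: bytes) -> re.Pattern:
    """Compile `sig` into a regex that allows any run of 0x00 bytes between
    consecutive signature bytes, so the raw obfuscated file matches without
    a separate normalisation pass."""
    return re.compile(b'\x00*'.join(re.escape(bytes([b])) for b in sig))


def detect(data: bytes, sig: bytes) -> dict:
    """Run all three strategies against `data` and report which ones fire."""
    return {
        'naive': naive_scan(data, sig),
        'normalised': naive_scan(strip_nulls(data), sig),
        'tolerant': null_tolerant_pattern(sig).search(data) is not None,
    }


if __name__ == '__main__':
    for count in (0, 1, 254):
        obfuscated = interleave_nulls(SAMPLE, count)
        print(f'{count:3d} nulls per gap, {len(obfuscated):6d} bytes:',
              detect(obfuscated, SIGNATURE))
```

Running the block shows the naive substring match failing as soon as a single null is inserted, while both the normalised and the null-tolerant scans keep matching regardless of padding. The normalisation approach is the cheaper one to deploy across an existing signature set; the tolerant-pattern approach avoids having to keep a second, stripped copy of every scanned file.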

Full Article

IE, Internet Explorer, Malware, Antivirus
