SkiifGeek writes "Didier Stevens recently took a closer look at some Internet Explorer malware that he had uncovered and found that most antivirus products that it was tested against (courtesy of VirusTotals) failed to identify the malware through one of the most basic and straight forward obfuscation techniques — the null-byte. With enough null-bytes between each character of code, it is possible to fool all antivirus products (though additional software will trap it), yet Internet Explorer was quite happy to render the code.
Actually there is no reason to expect to see this problem properly negotiated.
IE is an application designed to provide remote access through the activeX engine. I think MS endorses this behavior.
Updates made through the browser may require this application some kind of privileged access.
Someone please correct me if I'm wrong at this point.
Anti virus actions pattern-recognition based are naturally flawed since I can go home right now and write a brand new so-called activeX virus and embed it in a b
Receiving a million dollars tax free will make you feel better than
being flat broke and having a stomach ache.
-- Dolph Sharp, "I'm O.K., You're Not So Hot"
The answer's almost in the URL... (Score:1)
next-next-finish (Score:1)
Actually there is no reason to expect to see this problem properly negotiated.
IE is an application designed to provide remote access through the activeX engine. I think MS endorses this behavior.
Updates made through the browser may require this application some kind of privileged access.
Someone please correct me if I'm wrong at this point.
Anti virus actions pattern-recognition based are naturally flawed since I can go home right now and write a brand new so-called activeX virus and embed it in a b