Have fun planting virus signatures in strange places that touch remote disks somehow/somewhere.

Example:

Change your mail sig to:
X5O!P%@ap[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Or send it in a browser var, as a password (quickly find the sites that don't encrypt passwords), send to open syslogs, etc.

Some AV actually delete/quarantine the file (weblogs, mailspool, {u,w}tmp etc.)!

What are your ideas?

Inspired by: sec.cs.tu-bs.de/pubs/2017-asia

@Dodge didn't you set your browser user-agent to the eicar string for a while? (re: @Mudge)

@emf @Mudge I don't recall doing that, but it's a good idea. Run a "host -t txt dmumford.com" though.

@Dodge Huh.. I thought it was you.. I know SOMEONE I know did that, and I'm pretty sure it was someone that worked at NFR.
