Have fun planting virus signatures in strange places that touch remote disks somehow/somewhere.

Example:

Change your mail sig to:
X5O!P%@ap[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Or send it in a browser var, as a password (quickly find the sites that don't encrypt passwords), send to open syslogs, etc.

Then some AV actually delete/quarantine the file (weblogs, mailspool, {u,w}tmp etc.)!

What are your ideas?

Inspired by: sec.cs.tu-bs.de/pubs/2017-asia
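A defender-side check for the behaviour described above, added here as an example and not part of the original posts: it scans log lines for the EICAR marker and reports which client-controlled field carried it, so the entry can be reviewed before an AV scan acts on the whole file. The Combined Log Format layout, the function and constant names, and the sample lines are assumptions made for the example.

```python
import re

# Fixed marker inside the EICAR test string. Matching on it keeps the full
# 68-byte signature out of this script, so the script is not flagged itself.
# The marker is letters and hyphens only, so URL-encoding leaves it intact.
MARKER = re.compile(r"EICAR-STANDARD-ANTIVIRUS-TEST-FILE", re.IGNORECASE)

# Combined Log Format (assumed web log layout):
# host ident user [time] "request" status size "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
CLIENT_FIELDS = ("user", "request", "referer", "agent")

def scan(lines):
    """Return (line_number, client_host, fields) for every line with the marker.

    fields names the client-controlled fields that carry it, or ["raw"] when
    the line is not in Combined Log Format (syslog, mail spool, ...).
    """
    hits = []
    for number, line in enumerate(lines, 1):
        if not MARKER.search(line):
            continue
        parsed = COMBINED.match(line)
        if parsed:
            fields = [f for f in CLIENT_FIELDS if MARKER.search(parsed.group(f))]
            hits.append((number, parsed.group("host"), fields or ["raw"]))
        else:
            hits.append((number, None, ["raw"]))
    return hits

# Constructed sample lines (documentation IP range, marker only, not the full string).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /login HTTP/1.1" 200 128 "-" '
    '"xx-EICAR-STANDARD-ANTIVIRUS-TEST-FILE-xx"',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /?q=%24EICAR-STANDARD-ANTIVIRUS-TEST-FILE%21 HTTP/1.1" 404 0 "-" "curl/8.0"',
    "Jan  1 10:00:11 host sshd[411]: Invalid user eicar-standard-antivirus-test-file from 192.0.2.13",
]

if __name__ == "__main__":
    for number, host, fields in scan(SAMPLE):
        print(f"line {number}: marker in {','.join(fields)} (client {host})")
```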

@Dodge didn't you set your browser user-agent to the eicar string for a while? (re: @Mudge )

@emf @Mudge I don't recall doing that, but it's a good idea. Run a "host -t txt dmumford.com" though.

@Dodge Huh.. I thought it was you.. I know SOMEONE I know did that, and I'm pretty sure it was someone that worked at NFR.
