« previous next »
Pages: [1]   Go Down

Author Topic: Not everybody knows this  (Read 2640 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33903
  • malware fighter
Not everybody knows this
« on: July 02, 2005, 08:04:18 PM »
Hello my fellow virus killers,

Not everybody seems to know that exempt from explorer, every executable file can be run renamed. So an exe can be renamed as gif, a stealth technique a lot of miscreants prefer to rootkits. pckill.exe could so be run as a gif. So you need a hex viewer or a binairy scanner or FileAlyzer, yes even notepad to see that this file is not an ordinairy GIF file.
See how they do this on our gemproject blog: http://spaces.msn.com/members/gemproject/

greets

polonus
« Last Edit: July 02, 2005, 08:06:08 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »