[WEB SECURITY] Bypassing Web Antiviruses

MustLive mustlive at websecurity.com.ua
Tue Jul 17 16:50:51 EDT 2012


Hello participants of Mailing List.

As I've announced in the list in May, I've released my article "Bypassing
Web Antiviruses" in the magazine Web App Pentesting 05/2012
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-May/008378.html).
Concerning this article, then recently I've published it at my site
(http://websecurity.com.ua/articles/bypassing-of-web-antiviruses/). So
everyone who is interested can read it.

This article combines information from my 2010's article "Bypass of systems
for searching viruses at web sites" (published in the list) and from my
2011's article "Effective use of cloaking against web antiviruses". In
short, in the first article I told about the cloaking - how malware can hide
from web antiviruses (and stated that my system Web VDS, which I've made in
2008, had protection from cloaking). And in the second article I told more
about the cloaking - the way how web antiviruses became fighting with it and
other ways of bypassing them with cloaking. I've described the case, when in
the end of August 2011 I've found Google's bot, who changed its UA. But due
to other mistakes, it couldn't hide well, so it was possible for malware to
use cloaking for hiding from the bot. So it's needed to fight with cloaking
more effectively.

P.S.

Also in May I've wrote to the list about case of how IBM handle information
about vulnerabilities in their software. And soon I'll present the results
summary of my two months conversation with IBM PSIRT and other employees of
this company.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua






More information about the websecurity mailing list