bytes with value zero, 0x00 how does NOD react?

Discussion in 'NOD32 version 2 Forum' started by neurobashing, Oct 29, 2007.

Thread Status:
Not open for further replies.
  1. neurobashing

    neurobashing Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    1
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Not sure, except to say that VT is not a definitive indication of NOD32's detection...

    EDIT: Testing with 'Exploit for ADODB hole (MS03-048)' at http://www.heise-security.co.uk/services/browsercheck/demos/ie/null/ it seems that the null obfuscation may be a detection issue for NOD32 v2.7

    live link removed

    Cheers :)
     

    Last edited by a moderator: Oct 30, 2007
  3. jftuga

    jftuga Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    64
    Location:
    Athens, GA
    The link you provided is detected by IMON as:
    VBS/TrojanDownloader.Psyme.F.trojan

    signature version: 2627

    -John
     
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi John,

    That's the point - the original is not picked up by IMON but what Internet Explorer renders is when it is re-checked (as attached).

    Still, with the public release of v3 only hours away our discussion about NOD32 v2.7 is purely academic.

    Any EAV or ESS RC-Final users want to try the tests at http://www.heise-security.co.uk/services/browsercheck/demos/ie/null/ and let ESET know if it is any different for them?

    Cheers :)
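
The behaviour described in this exchange (the raw response is not flagged, but the content Internet Explorer renders is) can be checked on the scanning side by matching against both the raw bytes and a copy with the 0x00 bytes removed. This is an added example, not part of any post and not ESET's code; the signature name, the pattern and the three samples are constructed placeholders.

```python
import codecs

# Constructed stand-in for a scanner signature; not a real detection pattern.
SIGNATURES = {"Example.Marker.A": b"example-marker-string"}

def normalise(raw: bytes) -> bytes:
    """Return the bytes a NUL-ignoring HTML parser would effectively see."""
    # UTF-16 text legitimately contains 0x00 bytes: decode it instead of stripping.
    for bom, enc in ((codecs.BOM_UTF16_LE, "utf-16-le"),
                     (codecs.BOM_UTF16_BE, "utf-16-be")):
        if raw.startswith(bom):
            text = raw[len(bom):].decode(enc, errors="replace")
            return text.replace("\x00", "").encode("utf-8")
    # Any other content: drop the zero bytes the renderer would skip.
    return raw.replace(b"\x00", b"")

def match(data: bytes) -> set:
    """Case-insensitive substring match against every signature."""
    lowered = data.lower()
    return {name for name, pat in SIGNATURES.items() if pat in lowered}

def scan(raw: bytes) -> dict:
    """Scan the raw and the normalised view and report the difference."""
    raw_hits = match(raw)
    norm_hits = match(normalise(raw))
    return {
        "nul_bytes": raw.count(b"\x00"),
        "raw_hits": sorted(raw_hits),
        "normalised_hits": sorted(norm_hits),
        # Hits that appear only after normalising were masked by 0x00 bytes.
        "only_after_normalising": sorted(norm_hits - raw_hits),
    }

# Constructed samples: plain, NUL-padded, and legitimate UTF-16 with a BOM.
PLAIN = b"<html><body>example-marker-string</body></html>"
PADDED = b"<html><body>exam\x00ple-mar\x00ker-str\x00ing</body></html>"
UTF16 = codecs.BOM_UTF16_LE + "<html>example-marker-string</html>".encode("utf-16-le")

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("padded", PADDED), ("utf16", UTF16)):
        print(label, scan(sample))
```

A non-empty `only_after_normalising` list on content without a UTF-16 BOM is worth logging on its own, since ordinary HTML and script files have no reason to contain zero bytes.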
     
  5. jftuga

    jftuga Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    64
    Location:
    Athens, GA
    Since 3.0 is a major upgrade (it sounds like a huge rewrite), we will be staying with 2.7 for a while. If there are no 3.0 reports of instability or bugs, then I would consider upgrading our 300 PCs to 3.0. However, 2.7 is really great, so I am in no hurry to upgrade.

    -John
     
  6. ASpace

    ASpace Guest


    No such thing as instability in v3. Bugs - no major bugs. Tested with all betas and RC1.
     