Tuesday, February 2, 2010

Messing with Virus Scanning Portals

OK, so there's been a bit of hubbub surrounding Kaspersky's experiment in abusing the sample sharing ecosystem that has evolved from the VirusTotal virus scanning portal. No surprise, just another example of another security feedback-loop that can be abused for good or ill purposes.

So, changing hats for a minute, I decided to think a little more on how you could intentionally abuse this feedback-loop if you set your mind to it. Needless to say, the opportunities for the so-inclined to mess the system up are present in abundance.

The new blog entry has been posed over at the Damballa site - Killing Antivirus, One DLL at a Time.

Is it likely that someone will do this? hell yeah! ;-)

No comments:

Post a Comment