Posted Jun 17, 2010 11:52 UTC (Thu) by richmoore (subscriber, #53133)
Parent article: A backdoor in UnrealIRCd
> Bott must be under the impression that virus scanners somehow magically recognize backdoors in executable code
Whilst a signature-based virus scanner would not have found this, most Windows AV products will ask the user when a process tries to launch another, which would have highlighted this issue.
Posted Jun 17, 2010 12:18 UTC (Thu) by mpr22 (subscriber, #60784)
Three torrents of "allow execution" spam from a shell script later, the user becomes anaesthetized to such things.
Posted Jun 17, 2010 12:33 UTC (Thu) by richmoore (subscriber, #53133)
There's certainly an element of that.
Posted Jun 17, 2010 13:59 UTC (Thu) by tialaramex (subscriber, #21167)
Also a lot of scanners these days are "heuristic", which means:
- They might have spotted an unsophisticated UnrealIRCd attack
- They often flag up minor third party programs which violated the heuristic but did not in fact do anything bad
The result is that they're more likely to spot a genuine attack like this, but their users are inured to occasional false alarms and so unlikely to act on it. I scarcely use Windows, and yet I'm aware of several such false alarms from apparently uninteresting programs.
Still, compiling the vulnerable code and running it inside a firewall is safe; any pundit who wants to make a big deal of this should try it and report how many (if any) AV products available six months ago actually spot this.