How does Symantec detect nc.exe
Does Symantic Anti-Virus software detect nc.exe through an MD5 file id? I tried renaming nc.exe to say winupdate.exe and still it detects that it's a potential threat. What do antivirus software look for to be able to identify if a file is a potential threat?
Does nc.exe have a certain ID that antivirus software knows? How exactly does this work?
If bypassing AV was as simple as renaming the file, then the AV wouldn't be very effective would it?Originally Posted by drakoth777
The current AV ideology is to use signature files to compare against the files it finds. When it sees a matching signature it flags the file as bad. How these signatures are created is mostly likely held as a company secret at each of the AV vendors.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Please see this post about netcat -
http://forums.remote-exploit.org/showthread.php?t=7773
The tute poster -`Joseph`- linked to this pdf. Explains exactly what you want to know and was also a good read.
http://packetstormsecurity.org/paper...ack_Netcat.pdf
RxCoup - Killthepage
You could try CryptCat...
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Posting Permissions
