Thread: How does Symantec detect nc.exe

  1. #1
    Member
    Join Date
    May 2008
    Posts
    190

    How does Symantec detect nc.exe

    Does Symantec Anti-Virus software detect nc.exe through an MD5 file id? I tried renaming nc.exe to say winupdate.exe and still it detects that it's a potential threat. What does antivirus software look for to be able to identify if a file is a potential threat?
    Does nc.exe have a certain ID that antivirus software knows? How exactly does this work?

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote: Originally Posted by drakoth777
    Does Symantec Anti-Virus software detect nc.exe through an MD5 file id? I tried renaming nc.exe to say winupdate.exe and still it detects that it's a potential threat. What does antivirus software look for to be able to identify if a file is a potential threat?
    Does nc.exe have a certain ID that antivirus software knows? How exactly does this work?
    If bypassing AV was as simple as renaming the file, then the AV wouldn't be very effective, would it?

    The current AV ideology is to use signature files to compare against the files it finds. When it sees a matching signature it flags the file as bad. How these signatures are created is most likely held as a company secret at each of the AV vendors.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
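
Added example (not part of the thread, not any poster's words, and not Symantec's actual method): a toy content-based scanner illustrating the signature matching described in post #2, showing why a rename changes nothing. The byte strings, detection names and signature format are constructed assumptions, and SHA-256 stands in for the MD5 the question mentions.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins: these bytes are NOT taken from any real binary or vendor database.
CODE_FRAGMENT = b"\x55\x8b\xec\x83\xec\x10listen-and-exec-demo"
SAMPLE_V1 = b"MZ" + b"\x00" * 64 + CODE_FRAGMENT + b"build-1"
SAMPLE_V2 = b"MZ" + b"\x00" * 80 + CODE_FRAGMENT + b"build-2"  # different build, same fragment
BENIGN = b"MZ" + b"\x00" * 64 + b"ordinary program"

# Toy signature database (hypothetical format): whole-file hashes and byte patterns.
HASH_SIGS = {hashlib.sha256(SAMPLE_V1).hexdigest(): "Demo.Tool (hash)"}
PATTERN_SIGS = {CODE_FRAGMENT: "Demo.Tool (pattern)"}


def scan(path):
    """Return detection names for a file. Only its content is read, never its name."""
    data = Path(path).read_bytes()
    hits = []
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    hits += [label for pattern, label in PATTERN_SIGS.items() if pattern in data]
    return hits


def demo():
    """Write the constructed samples under several file names and scan each one."""
    files = {
        "nc.exe": SAMPLE_V1,
        "winupdate.exe": SAMPLE_V1,    # same bytes, new name
        "other_build.exe": SAMPLE_V2,  # different bytes, shared fragment
        "notepad.exe": BENIGN,
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for fname, content in files.items():
            target = Path(tmp) / fname
            target.write_bytes(content)
            results[fname] = scan(target)
    return results


if __name__ == "__main__":
    for fname, hits in demo().items():
        print(f"{fname:16} -> {hits or 'clean'}")
```

The renamed copy produces exactly the same detections as the original, because neither check looks at the file name; the whole-file hash only matches byte-identical copies, while the byte pattern also matches a different build that contains the same fragment.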

  3. #3
    Junior Member
    Join Date
    Feb 2008
    Posts
    44

    Please see this post about netcat -
    http://forums.remote-exploit.org/showthread.php?t=7773

    The tute poster -`Joseph`- linked to this pdf. Explains exactly what you want to know and was also a good read.
    http://packetstormsecurity.org/paper...ack_Netcat.pdf
    RxCoup - Killthepage

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    You could try CryptCat...
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
