Wednesday, June 25, 2008

Erasing or Blocking Logs Remotely

On Monday I dreamt up some new web-hacking techniques; now I only remember one:

If you write the EICAR test string, a LoveLetter signature or any other virus fingerprint into the URL, the antivirus blocks or deletes the log files; the log file may also be sent to the AV company if a suspicious pattern is written into it.

e.g.: http://web.com/index.php?<virus pattern>
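As an added example (not from the original post), here is a defender-side illustration in Python of why this works and of the usual mitigation: a logger that writes the raw request target reproduces any embedded pattern byte-for-byte, while one that percent-encodes untrusted fields before writing never does. The signature string, client address and log lines are constructed placeholders, not a real AV signature.

```python
import string

# Constructed stand-in for an AV signature string; NOT a real signature.
# Any real pattern a scanner matches byte-for-byte would behave the same way.
FAKE_SIGNATURES = ["FAKE-AV-SIG[4\\PZX]$TEST!"]

# Characters we are willing to write into a log verbatim. Everything else
# (punctuation, control bytes, non-ASCII) is written as %XX, so a pattern
# embedded in a request line is never reproduced as-is on disk.
SAFE = set(string.ascii_letters + string.digits + "-._~/?=&")


def escape_for_log(field: str) -> str:
    """Percent-encode every byte of `field` that is not in SAFE."""
    out = []
    for ch in field:
        if ch in SAFE:
            out.append(ch)
        else:
            out.extend("%%%02X" % b for b in ch.encode("utf-8"))
    return "".join(out)


def format_log_line(client_ip: str, method: str, target: str,
                    status: int, escape: bool = True) -> str:
    """Build a combined-log-style line.

    With escape=False the request target is logged raw, which is the
    behaviour the post relies on; with escape=True it is encoded first.
    """
    tgt = escape_for_log(target) if escape else target
    return f'{client_ip} - - "{method} {tgt} HTTP/1.1" {status}'


def signature_present(log_text: str, signatures=FAKE_SIGNATURES) -> bool:
    """Mimic a substring-matching scanner run over the log file contents."""
    return any(sig in log_text for sig in signatures)
```

Run the same request through both modes: the raw line trips the scanner, the escaped line does not, and ordinary request targets are left readable.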


What about inserting these patterns into the DB? If you register on a website and submit the pattern into the DB, maybe some DB files will be blocked or deleted by the antivirus.

This can also be a vector for exploiting local AV flaws.

NOTE: only Panda detects EICAR strings that are not at the beginning of the file; other patterns must be used.