Underground – Downfalls of Anti-Virus Software
Patchy
In this Underground video, Overide explains a major weakness of many anti-virus products. Anti-virus software detects viruses by searching an executable program for specific signatures; a signature is basically a string of code that the anti-virus software considers malicious. Overide describes how to locate this signature and how to manipulate the executable's assembly code so that the anti-virus software no longer flags the executable as a virus. In this video, Overide modifies the NetCat signature by changing NOP (No Operation) instructions to INT3 (software interrupt used by debuggers) instructions. For those of you who don't know, NetCat is a networking utility that reads and writes data across network connections using the TCP/IP protocol. Anti-virus software flags NetCat as a virus because it can be used to open a backdoor on a computer.
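To show from the detection side why a literal byte-string signature is this brittle, here is an added example (not code from the video or from any anti-virus product) that compares an exact match with a pattern that treats NOP and INT3 filler bytes as interchangeable. The signature bytes, sample data and function names are constructed for illustration.

```python
import re

NOP, INT3 = 0x90, 0xCC  # x86 one-byte opcodes, both used as filler in code

# Constructed sample signature (not from NetCat or any real signature set):
# push ebp; mov ebp,esp; nop; nop; nop; pop ebp; ret
SIGNATURE = bytes.fromhex("558bec9090905dc3")


def exact_match(data: bytes, signature: bytes) -> bool:
    """Literal byte-string signature: one changed byte defeats it."""
    return signature in data


def compile_tolerant(signature: bytes) -> "re.Pattern[bytes]":
    """Build a pattern where each filler byte of the signature accepts
    NOP or INT3, while every other byte must still match exactly."""
    parts = []
    for byte in signature:
        if byte in (NOP, INT3):
            parts.append(b"[\x90\xcc]")
        else:
            parts.append(re.escape(bytes([byte])))
    return re.compile(b"".join(parts), re.DOTALL)


def tolerant_match(data: bytes, signature: bytes) -> bool:
    return compile_tolerant(signature).search(data) is not None


# Constructed inputs: original bytes, same bytes with filler swapped, unrelated code
ORIGINAL = b"\x00" * 4 + SIGNATURE + b"\x00" * 4
REPADDED = ORIGINAL.replace(bytes([NOP]), bytes([INT3]))
UNRELATED = bytes.fromhex("558bec33c05dc3")

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("repadded", REPADDED),
                       ("unrelated", UNRELATED)):
        print(f"{name:9} exact={exact_match(blob, SIGNATURE)} "
              f"tolerant={tolerant_match(blob, SIGNATURE)}")
```

The tolerant pattern only covers this one substitution; engines that anchor detection on functional bytes, or on behavior, do not depend on filler bytes at all.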
Full Scale Video Here
Download Here
NetCat
If you would like to submit a video to Infinity Exists Underground send an email describing your video to underground@infinityexists.com
3 Responses
October 29th, 2008 at 6:36 pm
Wow, cool video.. can’t wait to try this ;D
October 29th, 2008 at 9:12 pm
So, basically this can be applied to anything, or to be more clear, any exe? For example, some old trojan, and after changes it would still be functional but it won't be detected by any antivirus?
October 31st, 2008 at 5:06 pm
Correct, it would not be detected after the changes, but you have to find the signature for that specific antivirus software.