Can PAN detect this kind of malware?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Can PAN detect this kind of malware?

L5 Sessionator

I found following article.

Sucuri Research

This is pretty interesting technique, though if people hits this kind of malware, is Threat Prevention (or might be wildfire?) able to detect this malware?

Regards,

1 REPLY 1

L6 Presenter

Hopefully PA will add this as a general threat that a jpeg contains a malformed exif-header (or rather the exif-header contains data which shouldnt exist there in normal situations).

Such as the /.*/e^ or for that matter eval, base64_decode and the other stuff.

This would also be interresting to exploit regarding as a tunneling technique.

That is similar to how What2Code – IT Security Blog used ssh within web-browsing session (and later ssh within dns session) now you can take it a step further and use proper http etc but tunnel through jpegs which is being sent back and forth 🙂 (and this way you would be screwed as soon as you let the client use web-browsing as appid)

  • 1684 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!