| EICAR | “The EICAR Standard Anti-Virus Test File
This is a simple text file (see ASCII) that can also act as a program. It consists of one line of printable characters; if saved into a file called EICAR.COM, it can actually be executed. It prints the message:
EICAR-STANDARD-ANTIVIRUS-TEST-FILE!
Most anti-virus products detect this file as if it were a virus. This provides a safe and simple way of testing the installation and behaviour of your anti-virus software without needing to use a real virus. Using a real virus for testing on your corporate network is rather like setting fire to your wastepaper basket to test the smoke alarm -- an unnecessary risk.
To make your own EICAR test file, create a text file called EICAR.COM containing a single line that looks like this:
X5O!P%@AP[4PZX54(p^) 7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Note that the 'O' in the third character position is the letter 'oh', not the digit 'zero'. If you have typed (or pasted) the text correctly, Sophos Anti-Virus will tell you the file contains 'EICAR-AV.-Test'." |
| E-mail Spoofing | When an e-mail appears to have been originated from one source, yet it has actually been generated from another is known as e-mail spoofing. The act of forging an e-mail header ( the .....@email.com portion of an e-mail ) allows individuals who are sending "junk mail", or "SPAM" to author e-mails that can not cannot ( or can be difficult ) be traced back to the originator. |
| Entry point | Location in an executable file where the execution begins. |
| Entry point obscuring | Proceeding used by viruses to hide their presence in an infected program, by inserting their code in the normal flow of a program's execution leaving the entry point unchanged. |
| Exploit | (noun)
The methodology for enacting an attack against a particular vulnerability.
(verb)
The act of taking advantage of a vulnerability; that is, exploiting the weakness.
Exploits are frequently published on the Internet; and not always by Black Hat crackers. The ethics are debatable, but many exploit publishers claim that this is the only way to force software vendors to develop more secure software, and produce fixes for existing software that has weaknesses.
If you learn of a vulnerability and develop an exploit for it, it is considered good practice to notify the software vendor and give the developer reasonable time to produce a fix before publishing the exploit. |
Powered by