On Mon, 24 May 2010 23:14:12 +0200 Sarocet <saro...@gmail.com> wrote:
>>> Send the malicious one after a while. The hash in on the cache so it >>> bypasses the AV. >>> Profit. >>> >> Good luck, >> > > I don't need to be specially lucky. > It's just one google search away. > http://www.mscs.dal.ca/~selinger/md5collision/ > > Download these to files: > http://www.mscs.dal.ca/~selinger/md5collision/hello.exe > http://www.mscs.dal.ca/~selinger/md5collision/erase.exe > > Both files have the same filesize (6144) and md5 > cdc47d670159eef60916ca03a9d4a007 > The first one salutes the world. The second one erases the drive (or so > it says :) > > Md5 is broken, guys. These are poor examples, which are almost identical (only 6 bytes differ). Now, take a notepad.exe and create a malicious file with the same file size and MD5. Thanks, -- oo ..... Tomasz Kojm <tk...@clamav.net> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon May 24 23:43:26 CEST 2010 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
