Thursday 12 August 2010

Have Some Malware!

You Might Not Want To Do This...

People in the RSS feed won't have seen Jesse Collins's EICAR reminder float gently past in the sidebar this week, so here's the skinny. If you copy and paste the following line of text into Notepad, and then save it (either as text, or as a quaint in-memory image ".com" file; surprisingly, it does double duty as perfectly executable x86 code), then your antivirus software will throw a hissy fit:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


That's because it thinks it's found a virus! But what it's actually found is an industry-standard fingerprint, recognised by all AV providers as a test pattern. It's quite a useful test: it lets you check that your disks are in fact being scanned as advertised.

...And Why Not?

So if it's not an actual virus, just a harmless test pattern, then why exactly might you not want to do this?

Well, precisely because your anti-malware will (hopefully!) quarantine, and otherwise restrict your permissions to interact with, this new file. All of which can make it rather difficult to remove it from your disk - unless your AV solution steps up, as Kaspersky does above, with a Delete option.

You're welcome.
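To run the same check from a script rather than from Notepad, here is an added example (not part of the original post) that writes the test string to a scratch folder and reports what the scanner did with it. The file name, the outcome labels and the three-second wait are assumptions; the trailing-whitespace and 128-byte limits come from EICAR's published definition of the test file.

```python
import os
import tempfile
import time

# The 68-byte string from the post, split in two so this script is not itself flagged.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR" + b"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
TRAILING_OK = b" \t\r\n\x1a"  # only these bytes may follow the string
MAX_LEN = 128                  # upper bound on total file length


def is_valid_eicar(data: bytes) -> bool:
    """True if data starts with the test string, carries only permitted
    trailing whitespace and is at most MAX_LEN bytes long."""
    if len(data) > MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in TRAILING_OK for b in data[len(EICAR):])


def probe_on_access(directory=None, wait=3.0) -> str:
    """Drop the test file, wait, and report what happened to it."""
    folder = directory or tempfile.mkdtemp(prefix="avprobe_")
    path = os.path.join(folder, "eicar_probe.com")  # hypothetical file name
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked_on_write"
    time.sleep(wait)  # give the on-access scanner time to react
    try:
        if not os.path.exists(path):
            return "removed"
        with open(path, "rb") as fh:
            intact = is_valid_eicar(fh.read())
        return "not_intercepted" if intact else "altered"
    except OSError:
        return "blocked_on_read"
    finally:
        try:
            os.remove(path)  # may fail while the scanner holds the file
        except OSError:
            pass


if __name__ == "__main__":
    print(probe_on_access())
```

A result of "not_intercepted" means the folder is not being scanned on access. A copy saved with a byte-order mark or as UTF-16 no longer starts with the 68 bytes, so is_valid_eicar rejects it and a scanner is entitled to ignore it.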
