August 14, 2007 at 11:49Unexpected Threat: Objects in RTF Files
Not a single antivirus from the virustotal.com arsenal detected EICAR in a test file.
By processing the executable file in a special way and embedding it in an RTF file, you can get a reliable container for the virus. The danger factor is that most antiviruses do not scan objects embedded in this way into RTF files.
The user, having opened the file and double-clicking on the object, will launch the executable file with his rights. In this case, Windows Vista will issue a request for execution, XP SP2 will issue a standard warning about unsigned code, earlier versions will silently launch the program.
By processing the executable file in a special way and embedding it in an RTF file, you can get a reliable container for the virus. The danger factor is that most antiviruses do not scan objects embedded in this way into RTF files.
The user, having opened the file and double-clicking on the object, will launch the executable file with his rights. In this case, Windows Vista will issue a request for execution, XP SP2 will issue a standard warning about unsigned code, earlier versions will silently launch the program.