Wednesday, April 1, 2009
"Yoann Guillot and myself have been assessing the security of instant communication applications for a couple of years.
"For quite some time now, we have both suspected that it was possible to conduct both stealth and massive attacks on popular chat clients such as MSN, AIM, Trillian or mIRC.
"Today, we have verified our intuition by creating an encoder that can make any shellcode look like a smiley. It is possible to encode malicious shellcodes in emoticons, leaving exploits indistinguishable from genuine chat messages.
"This would make massive attacks against instant messaging applications impossible to catch by anti-virus, IDS or similar signature based technologies. Moreover, it is possible to conduct attacks with plausible deniability."
More at blogspot...