| Thread ID: 109513 | 2010-05-11 15:52:00 | Uber-Attack! ->TEOTWAWKI | SurferJoe46 (51) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 883932 | 2010-05-11 15:52:00 | The attack is a clever bait-and-switch style move. Harmless code is passed to the security software for scanning, but as soon as it's given the green light, it's swapped for the malicious code. The attack works even more reliably on multi-core systems because one thread doesn't keep an eye on other threads that are running simultaneously, making the switch easier. The attack, called KHOBE (Kernel HOok Bypassing Engine), leverages a Windows module called the System Service Descriptor Table, or SSDT, which is hooked up to the Windows kernel. Unfortunately, SSDT is utilized by antivirus software. From the US-version of ZD-Net::: (www.zdnet.com) So - just which anti-viral/security system is circumscribed? EVERY Windows security product tested. The list is both huge and sobering: * 3D EQSecure Professional Edition 4.2 * avast! Internet Security 5.0.462 * AVG Internet Security 9.0.791 * Avira Premium Security Suite 10.0.0.536 * BitDefender Total Security 2010 13.0.20.347 * Blink Professional 4.6.1 * CA Internet Security Suite Plus 2010 6.0.0.272 * Comodo Internet Security Free 4.0.138377.779 * DefenseWall Personal Firewall 3.00 * Dr.Web Security Space Pro 6.0.0.03100 * ESET Smart Security 4.2.35.3 * F-Secure Internet Security 2010 10.00 build 246 * G DATA TotalCare 2010 * Kaspersky Internet Security 2010 9.0.0.736 * KingSoft Personal Firewall 9 Plus 2009.05.07.70 * Malware Defender 2.6.0 * McAfee Total Protection 2010 10.0.580 * Norman Security Suite PRO 8.0 * Norton Internet Security 2010 17.5.0.127 * Online Armor Premium 4.0.0.35 * Online Solutions Security Suite 1.5.14905.0 * Outpost Security Suite Pro 6.7.3.3063.452.0726 * Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION * Panda Internet Security 2010 15.01.00 * PC Tools Firewall Plus 6.0.0.88 * PrivateFirewall 7.0.20.37 * Security Shield 2010 13.0.16.313 * Sophos Endpoint Security and Control 9.0.5 * ThreatFire 4.7.0.17 * Trend Micro Internet Security Pro 2010 17.50.1647.0000 * Vba32 Personal 3.12.12.4 * VIPRE Antivirus Premium 4.0.3272 * VirusBuster Internet Security Suite 3.2 * Webroot Internet Security Essentials 6.1.0.145 * ZoneAlarm Extreme Security 9.1.507.000 * probably other versions of above mentioned software * possibly many other software products that use kernel hooks to implement security features |
SurferJoe46 (51) | ||
| 883933 | 2010-05-12 04:29:00 | You missed an important bit: ARE YOU SAFE? The attack is primarily theoretical and hasn't affected the real world, so there's no need to panic as of now. |
bevy121 (117) | ||
| 883934 | 2010-05-12 04:31:00 | Yeah - but we is talking WINDOWS and the haters of it with a vested interest in hammering Uncle Bill. Just a passing story - that's all though. |
SurferJoe46 (51) | ||
| 883935 | 2010-05-12 05:07:00 | There's been plenty of other viruses and malware in the past which disable security software if they manage to get on to your PC, I don't see this as anything new, just a new approach to an old issue. And it's only relevant to an old OS. | inphinity (7274) | ||
| 883936 | 2010-05-12 05:56:00 | Surfer Joe .... I think I need glasses .... can't see MSSE on the list and thought you were asking which anti-virus programmes were circumcised. Think I'm going to phone the optometrist :dogeye: |
SP8's (9836) | ||
| 883937 | 2010-05-12 06:15:00 | Surfer Joe .... I think I need glasses .... can't see MSSE on the list and thought you were asking which anti-virus programmes were circumcised. Think I'm going to phone the optometrist :dogeye: Do you know anyone who can dial the phone for you? |
SurferJoe46 (51) | ||
| 883938 | 2010-05-14 13:03:00 | can't see MSSE on the list It's not on the list because it's not vulnerable.:clap arstechnica.com |
KarameaDave (15222) | ||