| ||||||||||||||||||||||||||||||||||||||||
30 December 2011
Confirm your feed
12 May 2010
This is the method which could give way All Hack Antivirus
Researchers have found a way of hacking to get away from the protection created by dozens of popular desktop antivirus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender. Methods were developed by researchers at matousec.com security, which works by exploiting existing antivirus program on the Windows operating system. In short, the method works by sending a code sample that passes through their security checks and then, before the code is executed, the exchange with a dangerous payload. Exploitation antivirus program must wait for the right time so that the code is not mixed up too early or too late. However, for systems that work on multicore processors, 'attack' matousec This can occur because a single threat can make other tasks that are run together, become unworkable. As a result, malware protection offered for your Windows PC can be fooled by allowing malicious code to work, which is usually when under normal conditions, will diblock malicious code by an antivirus. The method that is run by matousec use AV software, like SSDT, or the System Service Descriptor Table to modify parts of the operating system kernel, combined with the weakness of the Adobe Reader or Oracle Java Virtual Machine to install malware without being noticed by any antivirus software when users use a PC who become victims. Matousec reported that there were at least 34 security products are potentially affected by this attack. This technique can even work when Windows is run with an account that has limited privileges.
Add to Cart
More Info
11 February 2010
Beware, Trojan Infection Can Smart Files in Windows
According to the observation of security firm McAfee Labs has discovered malware that can copy itself in a help file in Windows to make the victim's computer infections. Trojan is called Muster.e by McAfee anti-virus providers, where the Trojan can infect a Windows file named imepaden.hlp who became one of the help file for Microsoft IME. Imepaden.hlp file served as the main component malware storage in encrypted form. However, the help file is already infected can still be viewed with a browser WinHelp, similar to the original help files, and users is quite difficult to find an infection which has occurred from viewing the file. When the malware that is installed be removed, then the secret cargo in it, or the so-called sys file will be decrypted into an executable file named upgraderUI.exe the registry HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVe rsion \ Run AutoPatch, and will run the installation file automatically runs a Windows service.
Muster is a family of backdoor that have used the help file to hide himself. Or help files. GLA is a data file that is designed to be viewed with Microsoft's browser to provide WinHelp online help for applications used by users. File. GLA is decrypted with key Microsoft CryptAPI with a difficult and executed by the loader files. "All the action happens in a hidden. Windows help file tesebut clever enough to fool the user. This Trojan is usually easier to work on the client computer. "Said Craig Schmugar, threat analysts McAfee Labs.
One scenario of this malware technique is a victim not aware of strange files and registry UpgraderUI.exe it, and then the user will delete the files and registry. They'll think have removed a backdoor to success. In fact, when the files and registry files are the same back again and again at every reboot the computer, the user still can not find any other suspicious files. Users will never know that the sys files have been infected, following also imepaden.hlp files.
Meanwhile, from the McAfee, has been to update the McAfee VirusScan DATs 5861 or newer, which can detect and clean infected files and help files of this backdoor.
Add to Cart
More Info
Muster is a family of backdoor that have used the help file to hide himself. Or help files. GLA is a data file that is designed to be viewed with Microsoft's browser to provide WinHelp online help for applications used by users. File. GLA is decrypted with key Microsoft CryptAPI with a difficult and executed by the loader files. "All the action happens in a hidden. Windows help file tesebut clever enough to fool the user. This Trojan is usually easier to work on the client computer. "Said Craig Schmugar, threat analysts McAfee Labs.
One scenario of this malware technique is a victim not aware of strange files and registry UpgraderUI.exe it, and then the user will delete the files and registry. They'll think have removed a backdoor to success. In fact, when the files and registry files are the same back again and again at every reboot the computer, the user still can not find any other suspicious files. Users will never know that the sys files have been infected, following also imepaden.hlp files.
Meanwhile, from the McAfee, has been to update the McAfee VirusScan DATs 5861 or newer, which can detect and clean infected files and help files of this backdoor.
Subscribe to:
Posts (Atom)
Blogger templates
Popular products
-
According to the observation of security firm McAfee Labs has discovered malware that can copy itself in a help file in Windows to make the ... -
A laptop or notebook keyboard could be locked with a key combination, can also be opened by using a fingerprint reader or replace a security... -
Researchers have found a way of hacking to get away from the protection created by dozens of popular desktop antivirus products, including t... -
Quite interesting news comes from Google Earth that can show proof of the existence of the Loch Ness monster. According to FOXNews, Daily Su... -
Although some users have grumbled about the battery issues related to Windows 7, Microsoft said the company was testing it. The Company'... -
Who is familiar with Marko Calasan? At first maybe not to anyone before Calasan the 9-year-old still has a Microsoft Certified 4 times, ie, ... -
From 1 September, Opera will launch the web browser Opera version 10. Tuesday (25/08) and then, Opera has released Opera 10 Release Candidat...
