Test ur XSS skills: http://xss.progphp.com/
On 12 May 2010 08:22, Srinivas Naik <[email protected]> wrote:

> UPDATE - New attack bypasses EVERY Windows security product
>
> Are you a Windows user? Do you make sure that your antivirus program is
> updated regularly? Do you feel safe? You shouldn’t! Read on to find out why
> …
>
> Security researchers at Matousec.com have come up with an ingenious attack
> that can bypass every Windows security product tested and allow malicious
> code to make its way to your system.
>
> Yes, you read that right - every Windows security product tested. And the
> list is both huge and sobering:
>
> 3D EQSecure Professional Edition 4.2
> avast! Internet Security 5.0.462
> AVG Internet Security 9.0.791
> Avira Premium Security Suite 10.0.0.536
> BitDefender Total Security 2010 13.0.20.347
> Blink Professional 4.6.1
> CA Internet Security Suite Plus 2010 6.0.0.272
> Comodo Internet Security Free 4.0.138377.779
> DefenseWall Personal Firewall 3.00
> Dr.Web Security Space Pro 6.0.0.03100
> ESET Smart Security 4.2.35.3
> F-Secure Internet Security 2010 10.00 build 246
> G DATA TotalCare 2010
> Kaspersky Internet Security 2010 9.0.0.736
> KingSoft Personal Firewall 9 Plus 2009.05.07.70
> Malware Defender 2.6.0
> McAfee Total Protection 2010 10.0.580
> Norman Security Suite PRO 8.0
> Norton Internet Security 2010 17.5.0.127
> Online Armor Premium 4.0.0.35
> Online Solutions Security Suite 1.5.14905.0
> Outpost Security Suite Pro 6.7.3.3063.452.0726
> Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
> Panda Internet Security 2010 15.01.00
> PC Tools Firewall Plus 6.0.0.88
> PrivateFirewall 7.0.20.37
> Security Shield 2010 13.0.16.313
> Sophos Endpoint Security and Control 9.0.5
> ThreatFire 4.7.0.17
> Trend Micro Internet Security Pro 2010 17.50.1647.0000
> Vba32 Personal 3.12.12.4
> VIPRE Antivirus Premium 4.0.3272
> VirusBuster Internet Security Suite 3.2
> Webroot Internet Security Essentials 6.1.0.145
> ZoneAlarm Extreme Security 9.1.507.000
> probably other versions of above mentioned software
> possibly many other software products that use kernel hooks to implement
> security features
>
> The attack is a clever “bait-and-switch” style move. Harmless code is passed
> to the security software for scanning, but as soon as it’s given the green
> light, it’s swapped for the malicious code. The attack works even more
> reliably on multi-core systems because one thread doesn’t keep an eye on
> other threads that are running simultaneously, making the switch easier.
>
> The attack, called KHOBE (Kernel HOok Bypassing Engine), leverages a Windows
> module called the System Service Descriptor Table, or SSDT, which is hooked
> up to the Windows kernel. Unfortunately, SSDT is utilized by antivirus
> software.
>
> Note: The issue affecting SSDT has been known for some time but as yet
> hasn’t been leveraged by attackers. However, as multi-core systems make
> this attack more reliable, and they are now becoming the norm, this is now a
> much greater threat.
>
> Oh, and don’t think that just because you are running as a standard user
> that you’re safe, you’re not. This attack doesn’t need admin rights.
>
> However, it does require a lot of code to work, so it’s far from ideal for
> attackers. That said, its ability to completely neuter security software is
> quite frightening. I assume that security vendors the world over are now
> scrambling to come up with a fix for this issue.
>
> Source: www.zdnet.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "nforceit" group.
> To post to this group, send an email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/nforceit?hl=en-GB.
>

--
Regards,
kishore sangaraju
