Check your internet speed for free:

Back to Home Page

Wednesday, May 12, 2010

New attack bypasses EVERY Windows security product, KHOBE and SSDT

QUOTE (Adrian Kingsley-Hughes)
The attack is a clever “bait-and-switch” style move. Harmless code is passed to the security software for scanning, but as soon as it’s given the green light, it’s swapped for the malicious code. The attack works even more reliably on multi-core systems because one thread doesn’t keep an eye on other threads that are running simultaneously, making the switch easier.

The attack, called KHOBE (Kernel HOok Bypassing Engine), leverages a Windows module called the System Service Descriptor Table, or SSDT, which is hooked up to the Windows kernel. Unfortunately, SSDT is utilized by antivirus software.

Oh, and don’t think that just because you are running as a standard user that you’re safe, you’re not. This attack doesn’t need admin rights

The ZDNet article:
http://www.zdnet.com/blog/hardware/update-new-attack-bypasses-every-windows-security-product/8268

The Research:
http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)