Dailydave mailing list archives

Neat, older support for rootkits!


From: Dave Aitel <dave () immunitysec com>
Date: Wed, 25 Oct 2006 09:09:26 -0400

Wait wait, I know, the future is in using kernel 0day to install
Norton Security and Symantec.  Does anyone know the API they used in
this case?

http://www.eweek.com/article2/0,1895,2036638,00.asp


When a program of any kind attempts to modify the kernel on a system
running PatchGuard, which is already available in 64-bit versions of
Microsoft's Windows XP OS, the computer produces a blue screen and
stops all other Windows applications from running.

Authentium said its workaround allows it to access the kernel without
incurring the shut-down.

The company specifically said that it is using an element of the
kernel meant to help the OS support older hardware to bypass the
feature. The loophole allows the company's tools to infiltrate Vista's
kernel hooking driver, and get out, without the OS knowing the
difference.

