New Attack Bypasses Virtually all AV Protection
Researchers have devised a way to bypass anti-virus software using the ol' bait and switch. It sends a sample of clean code which passes security checks, then swaps it out afterwards with the malicious payload. It is also more effective on multicore systems, because the thread doing the checking is often incapable of overseeing what other threads are doing at the same time.
"We have performed tests with [most of] today's Windows desktop security products," the researchers wrote. "The results can be summarized in one sentence: If a product uses SSDT hooks or other kinds of kernel mode hooks on a similar level to implement security features, it is vulnerable. In other words, 100% of the tested products were found vulnerable."
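The race the researchers describe, reduced to a user-space simulation: a hook validates a caller-owned argument, a second thread swaps it before the "real" routine reads it, and the hardened hook defeats this by copying the argument into private memory before checking it. This is an added example, not code from the researchers or the article; the paths, the one-file policy rule and the phase handshake (which forces the swap to land between check and use so the result is deterministic) are all constructed for illustration.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SAFE_PATH "C:\\benign.txt"     /* constructed sample arguments */
#define EVIL_PATH "C:\\protected.sys"

static const char *g_arg;              /* caller-owned "syscall argument" */
static int g_phase;                    /* 0 checking, 1 checked, 2 swapped */
static pthread_mutex_t g_mu = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t g_cv = PTHREAD_COND_INITIALIZER;

/* Handshake that forces the swap to land between the check and the use. */
static void set_phase(int p) {
    pthread_mutex_lock(&g_mu); g_phase = p;
    pthread_cond_broadcast(&g_cv); pthread_mutex_unlock(&g_mu);
}
static void wait_phase(int p) {
    pthread_mutex_lock(&g_mu);
    while (g_phase < p) pthread_cond_wait(&g_cv, &g_mu);
    pthread_mutex_unlock(&g_mu);
}

/* Second thread: once the hook has checked the argument, swap it. */
static void *swapper(void *unused) {
    (void)unused; wait_phase(1);
    g_arg = EVIL_PATH;
    set_phase(2);
    return NULL;
}

/* Hypothetical policy: everything is allowed except one protected file. */
static bool policy_allows(const char *p) { return strcmp(p, EVIL_PATH) != 0; }

/* Simulated hooked syscall: stores the path the "real" routine ends up using in
 * `used` and returns whether the hook allowed it. With harden set, the hook
 * copies the argument to private memory and checks and uses only that copy. */
static bool hooked_syscall(bool harden, char *used, size_t n) {
    pthread_t t;
    char snap[64];
    g_arg = SAFE_PATH;
    g_phase = 0;
    pthread_create(&t, NULL, swapper, NULL);
    snprintf(snap, sizeof snap, "%s", g_arg);               /* private copy */
    bool allowed = policy_allows(harden ? snap : g_arg);    /* check */
    set_phase(1);                                           /* swap lands here */
    wait_phase(2);
    snprintf(used, n, "%s", allowed ? (harden ? snap : g_arg) : "");  /* use */
    pthread_join(t, NULL);
    return allowed;
}
```

The unhardened call passes the check with the benign path yet ends up using the protected one; the hardened call never re-reads caller memory after the check, which is the property a hook must have regardless of how many cores the box has.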