botnet 4.0 undetectable virus...


2 replies to this topic

#1 shreyas1995


Posted 04 August 2011 - 12:05 PM

Well, I have been hearing that there is a virus going around corrupted websites. It's known as the botnet 4.0 virus. They say it can spoil a computer by corrupting data on the hard disk, making copies of itself and infecting system files. The worst thing is that this virus is not detectable by any antivirus, as it hides in legitimate files having valid digital signatures. I have 2 questions:

1. Is this real?

2. If it is real.... then avast! doesn't skip scanning of files having valid digital signatures. Can avast! detect it?



Any reply is appreciated.



#2 quietman7


Posted 04 August 2011 - 10:53 PM

Everything you want to know about TDL4:
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Didier Stevens


Posted 05 August 2011 - 03:44 AM

...as it hides in legitimate files having valid digital signatures...


I've done extensive research on Microsoft's digital signatures of executables (AuthentiCode).

Practically, it is not possible to alter the executable code of a signed application without invalidating the AuthentiCode signature. Theoretically it is possible, but the world lacks the cryptographic computing power and knowledge to make this a realistic attack.

What is possible, however, is to add data in non-executable locations of a signed application without invalidating the signature. But this added content is harmless; it can't be executed automatically.
Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com
Microsoft MVP 2011-2014 Consumer Security
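
The behaviour described in the reply above, as an added example that is not part of the thread and not any poster's code: a simplified Authenticode-style digest that leaves out the CheckSum field, the Certificate Table directory entry and the certificate table itself, plus a defender's check for extra bytes in that table. The sample buffer, `SIG`, `CERT` and all function names are constructed for illustration; the digest hashes the file linearly and the slack check assumes a single certificate entry, so this is not a byte-exact reimplementation of the Windows verifier.

```python
import hashlib
import struct

DIR_BASE = {0x10B: 96, 0x20B: 112}   # data-directory offset in the PE32 / PE32+ optional header

def layout(pe: bytes):
    """Return (checksum_off, certdir_off, cert_off, cert_size) for a PE image."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    opt = pe_off + 24                                       # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0" or magic not in DIR_BASE:
        raise ValueError("not a PE image")
    certdir = opt + DIR_BASE[magic] + 4 * 8                 # directory index 4
    cert_off, cert_size = struct.unpack_from("<II", pe, certdir)
    return opt + 64, certdir, cert_off, cert_size

def signed_digest(pe: bytes) -> str:
    """SHA-256 of the file minus the three regions Authenticode leaves unhashed."""
    chk, certdir, cert_off, cert_size = layout(pe)
    end = cert_off if cert_size else len(pe)
    h = hashlib.sha256(pe[:chk])                            # skip CheckSum (4 bytes)
    h.update(pe[chk + 4:certdir])                           # skip directory entry (8 bytes)
    h.update(pe[certdir + 8:end])                           # headers and sections
    h.update(pe[end + cert_size:])                          # skip the certificate table
    return h.hexdigest()

def cert_slack(pe: bytes) -> int:
    """Certificate-table bytes past the first entry's DER blob (<= 7 is padding)."""
    _, _, off, size = layout(pe)
    if size == 0:
        return 0
    der = off + 8                        # after dwLength, wRevision, wCertificateType
    n = pe[der + 1]                      # first length octet of the outer SEQUENCE
    k = n & 0x7F if n & 0x80 else 0      # long form: k length octets follow
    body = int.from_bytes(pe[der + 2:der + 2 + k], "big") if k else n
    return size - 8 - (2 + k + body)

def build_sample(code: bytes, cert_table: bytes) -> bytes:
    """Constructed PE32-shaped buffer for the demo (not a loadable program)."""
    hdr = bytearray(b"MZ".ljust(0x200, b"\0"))
    struct.pack_into("<I", hdr, 0x3C, 0x80)                 # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x98, 0x10B)                # PE32 magic
    struct.pack_into("<II", hdr, 0x118, 0x400, len(cert_table))
    return bytes(hdr) + code.ljust(0x200, b"\0") + cert_table

SIG = b"\x30\x06" + b"\xAA" * 6          # constructed stand-in for the PKCS#7 DER blob
CERT = struct.pack("<IHH", 8 + len(SIG), 0x0200, 0x0002) + SIG   # WIN_CERTIFICATE
```

A `cert_slack` value above 7 on a file whose signature still validates means the certificate table carries bytes outside the signed content, which is worth a closer look during triage.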