botnet 4.0 undetectable virus...
Posted 04 August 2011 - 12:05 PM
1. Is this real?
2. If it is real... then avast! doesn't skip scanning of files having valid digital signatures; can avast! detect it?
Any reply is appreciated.
Posted 04 August 2011 - 10:53 PM
- TDSS: Rootkit technologies from the beginning
- TDL4 – Top Bot: The ‘indestructible’ botnet
- Memory Forging Attempt by a Rootkit: TDL4 variants
- Bootkit: the challenge
- TDL4 Rootkit Bypasses Windows Code-Signing Protection
- TDSS loader has now got legs - a self-propagation mechanism
- The Worm, the Rogue DHCP, and TDL4
- Stalking TDL4: All Access Pass to the Hard Drive
- POPUREB vs. TDL4
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Posted 05 August 2011 - 03:44 AM
...as it hides in legitimate files having valid digital signatures...
I've done extensive research on Microsoft's digital signatures of executables (AuthentiCode).
Practically, it is not possible to alter the executable code of a signed application without invalidating the AuthentiCode signature. Theoretically it is possible, but the world lacks the cryptographic computing power and knowledge to make this a realistic attack.
What is possible however is to add data in non-executable locations of a signed application without invalidating the signature. But this added content is harmless, it can't be executed automatically.
SANS ISC Handler
Microsoft MVP 2011-2015 Consumer Security
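A defender-side check for the point made in the last reply, as an added example that is not part of the original thread: the Authenticode hash skips the optional header CheckSum field, the Certificate Table data-directory entry, and the attribute certificate table itself, so bytes in the table that are not accounted for by the signature blob deserve a look. The function names and the sample file are constructed for illustration, and the code assumes a single WIN_CERTIFICATE entry.

```python
import struct

def der_total_length(buf: bytes, off: int) -> int:
    """Size of the DER SEQUENCE at off: tag, length octets and content."""
    if buf[off] != 0x30:
        raise ValueError("expected DER SEQUENCE")
    first = buf[off + 1]
    if first < 0x80:                      # short form
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    return 2 + n + int.from_bytes(buf[off + 2:off + 2 + n], "big")

def unhashed_regions(pe: bytes) -> dict:
    """Locate the ranges the Authenticode hash skips; count unexplained bytes there."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe_off + 24                     # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    entry = opt + (96 if magic == 0x10B else 112) + 4 * 8   # directory 4: Certificate Table
    cert_off, cert_size = struct.unpack_from("<II", pe, entry)  # a file offset, not an RVA
    info = {"checksum_field": (opt + 64, 4), "cert_dir_entry": (entry, 8),
            "cert_table": (cert_off, cert_size), "extra_bytes": 0, "suspicious": False}
    if cert_size:
        # Assumption: one WIN_CERTIFICATE entry (8-byte header + PKCS#7 DER blob).
        extra = cert_size - 8 - der_total_length(pe, cert_off + 8)
        tail = pe[cert_off + cert_size - max(extra, 0):cert_off + cert_size]
        info["extra_bytes"] = extra
        # Up to 7 zero bytes are ordinary 8-byte alignment padding.
        info["suspicious"] = extra < 0 or extra > 7 or any(tail)
    return info

def build_sample(appended: bytes = b"") -> bytes:
    """Constructed input: header skeleton plus a dummy DER blob, not a real signed file."""
    der = b"\x30\x0e" + b"\x00" * 14      # SEQUENCE with 14 content bytes
    table = struct.pack("<IHH", 8 + len(der), 0x0200, 0x0002) + der + appended
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)           # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", hdr, opt, 0x10B)           # PE32 magic
    struct.pack_into("<II", hdr, opt + 96 + 32, len(hdr), len(table))
    return bytes(hdr) + table

if __name__ == "__main__":
    print(unhashed_regions(build_sample()))
    print(unhashed_regions(build_sample(b"A" * 32)))
```

A file with several certificate entries would need the table walked entry by entry before the leftover count means anything.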