botnet 4.0 undetectable virus...
Posted 04 August 2011 - 12:05 PM
1. Is this real?
2. If it is real... then avast! doesn't skip scanning of files having valid digital signatures, can avast! detect it?
Any reply is appreciated.
Posted 04 August 2011 - 10:53 PM
- TDSS: Rootkit technologies from the beginning
- TDL4 – Top Bot: The ‘indestructible’ botnet
- Memory Forging Attempt by a Rootkit: TDL4 variants
- Bootkit: the challenge
- TDL4 Rootkit Bypasses Windows Code-Signing Protection
- TDSS loader has now got legs - a self-propagation mechanism
- The Worm, the Rogue DHCP, and TDL4
- Stalking TDL4: All Access Pass to the Hard Drive
- POPUREB vs. TDL4
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Posted 05 August 2011 - 03:44 AM
...as it hides in legitimate files having valid digital signatures...
I've done extensive research on Microsoft's digital signatures of executables (AuthentiCode).
Practically, it is not possible to alter the executable code of a signed application without invalidating the AuthentiCode signature. Theoretically it is possible, but the world lacks the cryptographic computing power and knowledge to make this a realistic attack.
What is possible however is to add data in non-executable locations of a signed application without invalidating the signature. But this added content is harmless, it can't be executed automatically.
Microsoft MVP 2011-2013 Consumer Security
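An added example, not part of the posts above: the Authenticode digest does not cover the attribute certificate table, which is where data can sit without invalidating the signature. This Python sketch measures bytes in that table beyond the PKCS#7 structure and bytes after the table, so a scanner can flag signed files carrying unsigned extra data. The function names and the sample image are constructed for illustration, and treating up to 7 bytes of slack as normal alignment padding is an assumption.

```python
import struct

def der_total_len(buf):
    """Total size (header + content) of the DER SEQUENCE at the start of buf."""
    if len(buf) < 2 or buf[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if buf[1] < 0x80:
        return 2 + buf[1]
    n = buf[1] & 0x7F
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def unsigned_slack(pe):
    """Return (bytes in cert entry after PKCS#7, bytes after cert table), None if unsigned."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                          # start of the optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ data directories
    # Directory index 4 is the certificate table; its address is a file offset.
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    if off == 0 or size == 0:
        return None
    dw_len, _revision, _cert_type = struct.unpack_from("<IHH", pe, off)
    pkcs7_len = der_total_len(pe[off + 8:off + dw_len])
    return dw_len - 8 - pkcs7_len, len(pe) - (off + size)

def build_sample(extra=b""):
    """Constructed test image: bare PE32 headers and a placeholder blob, not a real signature."""
    cert = b"\x30\x82\x01\x00" + bytes(256) + extra
    cert += bytes(-len(cert) % 8)                # pad entry to an 8-byte boundary
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x10B)
    struct.pack_into("<II", hdr, 0x80 + 24 + 96 + 32, len(hdr), 8 + len(cert))
    return bytes(hdr) + struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert

if __name__ == "__main__":
    for name, image in (("clean", build_sample()), ("padded", build_sample(b"X" * 100))):
        inside, after = unsigned_slack(image)
        print(name, inside, after, "FLAG" if inside > 7 or after else "ok")
```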