1.Is this real?
2.If it is real....then avast! doesnt skip scanning of files having valid digital signatures can avast! detect it?
Any reply is appreciated.
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
botnet 4.0 undetectable virus...
Started by
shreyas1995
, Aug 04 2011 12:05 PM
2 replies to this topic
#1
shreyas1995
-
- Banned
-
- 72 posts
Member
- Gender:Male
Posted 04 August 2011 - 12:05 PM
Well.i have been hearing that there is a virus going around corrupted websites....its known as botnet 4.0 virus...they say it can spoil a computer by corrupting data on the hard disk....making copies of itself and infecting system files....the worst thing is that....this virus is not detectable by any antivirus as it hinds in legitimate files having vaid digital signatures....i have 2 questions:
1.Is this real?
2.If it is real....then avast! doesnt skip scanning of files having valid digital signatures can avast! detect it?
Any reply is appreciated.
1.Is this real?
2.If it is real....then avast! doesnt skip scanning of files having valid digital signatures can avast! detect it?
Any reply is appreciated.
Back to top- BC Ads
- BleepingComputer.com
#2
quietman7
-
- Global Moderator
-
- 26,100 posts
Bleepin' Janitor
- Gender:Male
- Location:Virginia, USA
Posted 04 August 2011 - 10:53 PM
Everything you want to know about TDL4:
- TDSS: Rootkit technologies from the beginning
- TDL4 – Top Bot: The ‘indestructible’ botnet
- Memory Forging Attempt by a Rootkit: TDL4 variants
- Bootkit: the challenge
- TDL4 Rootkit Bypasses Windows Code-Signing Protection
- TDSS loader has now got legs - a self-propagation mechanism
- The Worm, the Rogue DHCP, and TDL4
- Stalking TDL4: All Access Pass to the Hard Drive
- POPUREB vs. TDL4
Microsoft MVP - Consumer Security 2007-2013 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
#3
Didier Stevens
-
- BC Advisor
-
- 813 posts
Distinguished Member
- Gender:Male
Posted 05 August 2011 - 03:44 AM
...as it hinds in legitimate files having vaid digital signatures...
I've done extensive research on Microsoft's digital signatures of executables (AuthentiCode).
Practically, it is not possible to alter the executable code of a signed application without invalidating the AuthentiCode signature. Theoretically it is possible, but the world lacks the cryptographic computing power and knowledge to make this a realistic attack.
What is possible however is to add data in non-executable locations of a signed application without invalidating the signature. But this added content is harmless, it can't be executed automatically.
Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com
Microsoft MVP 2011-2013 Consumer Security
http://blog.DidierStevens.com
http://DidierStevensLabs.com
Microsoft MVP 2011-2013 Consumer Security
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
