botnet 4.0 undetectable virus...
Posted 04 August 2011 - 12:05 PM
1. Is this real?
2. If it is real... then avast! doesn't skip scanning of files having valid digital signatures; can avast! detect it?
Any reply is appreciated.
Posted 04 August 2011 - 10:53 PM
- TDSS: Rootkit technologies from the beginning
- TDL4 – Top Bot: The ‘indestructible’ botnet
- Memory Forging Attempt by a Rootkit: TDL4 variants
- Bootkit: the challenge
- TDL4 Rootkit Bypasses Windows Code-Signing Protection
- TDSS loader has now got legs - a self-propagation mechanism
- The Worm, the Rogue DHCP, and TDL4
- Stalking TDL4: All Access Pass to the Hard Drive
- POPUREB vs. TDL4
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
If we have helped you and you wish to make a DONATION, please Help BleepingComputer!
Posted 05 August 2011 - 03:44 AM
...as it hides in legitimate files having valid digital signatures...
I've done extensive research on Microsoft's digital signatures of executables (Authenticode).
Practically, it is not possible to alter the executable code of a signed application without invalidating the Authenticode signature. Theoretically it is possible, but the world lacks the cryptographic computing power and knowledge to make this a realistic attack.
What is possible however is to add data in non-executable locations of a signed application without invalidating the signature. But this added content is harmless, it can't be executed automatically.
SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security
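Added example, not part of the thread or of any tool mentioned in it: a check for the point in the reply above. It lists the byte ranges of a PE file that the Authenticode digest does not cover (the CheckSum field, the Certificate Table directory entry and the certificate table itself, per Microsoft's Authenticode PE format specification) and flags bytes in the certificate table that lie beyond the signature's DER encoding and its zero padding. The function names and the sample image are constructed for illustration.

```python
import struct

def der_len(blob):
    """Total size (header + content) of the DER element starting at blob[0]."""
    first = blob[1]
    if first < 0x80:                       # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def audit(pe):
    """Return (unhashed, slack): regions outside the Authenticode digest, and
    (offset, size) of certificate-table bytes not explained by the signature."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = nt + 24                          # optional header follows the COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]       # PE32 / PE32+
    entry = dirs + 4 * 8                   # directory index 4 = Certificate Table
    off, size = struct.unpack_from("<II", pe, entry)  # file offset, not an RVA
    unhashed = [("CheckSum", opt + 64, 4), ("CertTableEntry", entry, 8),
                ("CertTable", off, size)]
    slack, pos = [], off
    while pos + 10 <= off + size:          # walk the WIN_CERTIFICATE entries
        length = struct.unpack_from("<I", pe, pos)[0]
        if length < 10:
            break
        blob = pe[pos + 8:pos + length]    # bCertificate
        used = der_len(blob)
        extra = blob[used:]
        if len(extra) > 7 or any(extra):   # more than zero padding to 8 bytes
            slack.append((pos + 8 + used, len(extra)))
        pos += (length + 7) & ~7           # entries are 8-byte aligned
    return unhashed, slack

def sample(trailing=b""):
    """Constructed minimal PE32 image with one fake WIN_CERTIFICATE entry."""
    der = b"\x30\x0a" + b"\x01" * 10       # stand-in for the PKCS#7 SignedData
    body = der + trailing
    body += b"\0" * (-(8 + len(body)) % 8)
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    hdr = bytearray(312)                   # DOS stub 64 + PE/COFF 24 + optional 224
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 64)  # e_lfanew
    hdr[64:68] = b"PE\0\0"
    struct.pack_into("<H", hdr, 88, 0x10B)
    struct.pack_into("<II", hdr, 216, len(hdr), len(cert))
    return bytes(hdr) + cert
```

`audit(sample())` reports no slack, while `audit(sample(b"unsigned payload"))` reports 20 unexplained bytes at offset 332 even though the ranges covered by the digest are unchanged.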