[Dailydave] Neat, older support for rootkits!
Dave Aitel
dave at immunitysec.com
Wed Oct 25 13:09:26 Local time 2006
Wait wait, I know, the future is in using kernel 0day to install
Norton Security and Symantec. Does anyone know the API they used in
this case?
http://www.eweek.com/article2/0,1895,2036638,00.asp
When a program of any kind attempts to modify the kernel on a system
running PatchGuard, which is already available in 64-bit versions of
Microsoft's Windows XP OS, the computer produces a blue screen and
stops all other Windows applications from running.
Authentium said its workaround allows it to access the kernel without
incurring the shut-down.
The company specifically said that it is using an element of the
kernel meant to help the OS support older hardware to bypass the
feature. The loophole allows the company's tools to infiltrate Vista's
kernel hooking driver, and get out, without the OS knowing the
difference.