DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
October 28, 2016 
Main Menu
News archives

Who's Online
There are currently 57 people online.


Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin

Follow us

Researchers develop attack that bypasses all anti-virus software

Posted on Tuesday, May 11 2010 @ 03:00:33 CEST by

Security researchers have crafted a new exploit that can bypass protections of dozens of the most popular anti-virus tools. In layman's terms, the method works by sending the anti-virus software a sample of code that will pass the security checks and then, before the code is executed, swap it with a malicious payload. All anti-virus programs that use SSDT (System Service Descriptor Table) are affected, which includes all of the 34 products the researchers tested, including software from McAfee, Trend Micro, AVG and BitDefender.
The exploit has to be timed just right so the benign code isn't switched too soon or too late. But for systems running on multicore processors, matousec's "argument-switch" attack is fairly reliable because one thread is often unable to keep track of other simultaneously running threads. As a result, the vast majority of malware protection offered for Windows PCs can be tricked into allowing malicious code that under normal conditions would be blocked.

All that's required is that the AV software use SSDT, or System Service Descriptor Table, hooks to modify parts of the OS kernel.
More info at The Register.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba