Interesting malware/POCs that you've come across

Post by ssj100 on 20/4/2010, 15:48

Here are a few that come to mind:

A POC that can execute without actually opening the file: http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/

A fairly famous set of POCs that bypassed (at least partially) many classical HIPS including Malware Defender, Comodo's Defense+, and OA's HIPS. They also bypassed DefenseWall and GeSWall, and arguably bypassed Sandboxie (I say arguably because Sandboxie wasn't truly bypassed - nothing on the REAL system got modified, meaning Sandboxie did its job fine): http://forums.comodo.com/empty-t38189.0.html

The highly infamous .wmf exploit. Perhaps one of the most scary aspects of one of these malware variants was the fact that it could completely infect your system even without opening or browsing the infected file. That is, just having the infected file on your system was enough to allow the complete propagation of the malware. How did it do this? Well, as far as I understand it, this clever piece of malware took advantage of the Windows Indexing service (I always disable this service by the way): http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14
