Interesting malware/POCs that you've come across

Post by ssj100 on 20/4/2010, 15:48

Here are a few that come to mind:

A POC that can execute without actually opening the file:

A fairly famous set of POCs that bypassed (at least partially) many classical HIPS including Malware Defender, Comodo's Defense+, and OA's HIPS. They also bypassed DefenseWall and GeSWall, and arguably bypassed Sandboxie (I say arguably because Sandboxie wasn't truly bypassed - nothing on the REAL system got modified, meaning Sandboxie did its job fine):

The highly infamous .wmf exploit. Perhaps one of the most scary aspects of one of these malware variants was the fact that it could completely infect your system even without opening or browsing the infected file. That is, just having the infected file on your system was enough to allow the complete propagation of the malware. How did it do this? Well, as far as I understand it, this clever piece of malware took advantage of the Windows Indexing service (I always disable this service by the way):

Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Posts: 1389
Join date: 2010-04-14
