Dailydave mailing list archives
Neat, older support for rootkits!
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 25 Oct 2006 09:09:26 -0400
Wait wait, I know, the future is in using kernel 0day to install Norton Security and Symantec. Does anyone know the API they used in this case?

http://www.eweek.com/article2/0,1895,2036638,00.asp

When a program of any kind attempts to modify the kernel on a system running PatchGuard, which is already available in 64-bit versions of Microsoft's Windows XP OS, the computer produces a blue screen and stops all other Windows applications from running.

Authentium said its workaround allows it to access the kernel without incurring the shut-down. The company specifically said that it is using an element of the kernel meant to help the OS support older hardware to bypass the feature. The loophole allows the company's tools to infiltrate Vista's kernel hooking driver, and get out, without the OS knowing the difference.