Wilders Security Forums  

#1
June 22nd, 2012, 11:57 AM
mattfrog
Infrequent Poster
Join Date: Apr 2012
Location: United Kingdom
Posts: 48
One Method Malware Uses to Bypass Detection

Quote:
So how does malware evade detection when starting new rogue processes? Easy—it directly attacks the operating system’s kernel. Microsoft provides the kernel routine PsSetCreateProcessNotifyRoutine to allow security software to monitor process creation and termination events in the Windows kernel, and security software calls the PsSetCreateProcessNotifyRoutine in order to be notified by the kernel when these events occur. These security solutions will then act on process creation and termination events in order to track system activity and protect critical resources.
http://blog.fireeye.com/research/201...nitoring-.html
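The notification mechanism described in the quote above, as an added example that is not part of any post in this thread or of the linked blog: a user-space C model of registering a process-notify callback, plus a canary self-test a monitoring product could use to notice that it has stopped receiving events. All `model_*` and `monitor_*` names, `MAX_ROUTINES` and `CANARY_PID` are assumptions made for the model; only the (routine, remove) shape of the registration call follows PsSetCreateProcessNotifyRoutine.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space MODEL of the kernel's process-notify mechanism (constructed for
   illustration; MAX_ROUTINES and every model_* name are assumptions). */
typedef void (*notify_fn)(unsigned parent_pid, unsigned pid, bool create);
#define MAX_ROUTINES 8
static notify_fn routines[MAX_ROUTINES];

/* Same shape as PsSetCreateProcessNotifyRoutine(NotifyRoutine, Remove). */
int model_set_notify(notify_fn fn, bool remove) {
    for (size_t i = 0; i < MAX_ROUTINES; i++) {
        if (remove ? routines[i] == fn : routines[i] == NULL) {
            routines[i] = remove ? NULL : fn;
            return 0;
        }
    }
    return -1;  /* table full, or routine not found on removal */
}

/* What the modelled kernel does on each process creation or termination. */
void model_process_event(unsigned parent_pid, unsigned pid, bool create) {
    for (size_t i = 0; i < MAX_ROUTINES; i++)
        if (routines[i]) routines[i](parent_pid, pid, create);
}

/* Security product side: count events and note sightings of a canary PID. */
#define CANARY_PID 4242u  /* constructed value */
static unsigned events_seen;
static bool canary_seen;

void monitor_cb(unsigned parent_pid, unsigned pid, bool create) {
    (void)parent_pid;
    events_seen++;
    if (create && pid == CANARY_PID) canary_seen = true;
}

/* Self-test: generate a known event and confirm the callback observed it.
   Returns true when monitoring is intact, false when the product is blind. */
bool monitor_self_test(void) {
    canary_seen = false;
    model_process_event(1, CANARY_PID, true);   /* canary start */
    model_process_event(1, CANARY_PID, false);  /* canary exit */
    return canary_seen;
}

int main(void) {
    model_set_notify(monitor_cb, false);
    return monitor_self_test() ? 0 : 1;  /* exit 0 while events still arrive */
}
```

In a real driver the canary would be an actual short-lived process started by the product, and a failed self-test would be raised as a tamper alert rather than silently re-registering.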
#2
June 23rd, 2012, 06:16 AM
kareldjag
Frequent Poster
Join Date: Nov 2004
Location: Feet in France, Mind in the World
Posts: 521
Re: One Method Malware Uses to Bypass Detection

Hi
Known method and nothing new under the sun for this marketing blog post (our product is better than other blah blah blah...).
Since the rise of modern rootkits, any serious security AV or security vendor has improved its product to stay valuable in this highly competitive industry.

Rgds
__________________
Independent vision of Security (Security? Yeah But Well: http://www.ouaismaisbon.ch/ )
Fight child crime: http://www.circamp.eu/ http://www.virtualglobaltaskforce.com/
#3
June 23rd, 2012, 12:17 PM
Mrkvonic
Linux Systems Expert
Join Date: May 2005
Posts: 7,465
Re: One Method Malware Uses to Bypass Detection

I call that TL;DR.
Mrk
__________________
http://www.dedoimedo.com

All your base are belong to us

Linux Systems Expert / Systems Programmer, Linux System Administrator, LPIC-1, LPIC-2 (WIP), GSEC, CCHD, CCHA
 

All times are GMT -4.

