Discussion in 'malware problems & news' started by ronjor, May 16, 2013.
Note that while viruses and Trojans do different things once installed, prevention of infection by remote code execution (aka drive-by download) is the same, since both tend to drop binary executable files to disk:
Virus, from Microsoft MPC:
Trojan, from f-secure:
A system with protection against the downloading/installing of unauthorized executables will intervene to block these exploits.
Hmm. Since the Sality one uses a DLL, wouldn't it bypass a HIPS silently if rundll32 were allowed?
If the security program whitelists all executable file types on the system, then others cannot run or load.
In the case of rundll32.exe, it can do whatever it wants, as long as the DLL is whitelisted. If not:
I see, thanks. I'd read that some HIPS will allow any DLL to be executed through rundll32 if the latter is allowed, but I guess that's not the case for all of them.
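The rundll32 point raised in the exchange above is easiest to see in code. The following is an added illustration, not code from the thread or from any HIPS product: it simulates a hash-based whitelist that either checks only the launched image (so an allowed rundll32.exe can load any DLL) or also checks the DLL named on the rundll32 command line. The file names, the `dll_rules` switch, the stand-in files written by `demo()` (plain bytes, not real PE images) and the assumed DLL search order are all constructed for the example.

```python
"""Simulated whitelist (HIPS) decision for rundll32-based DLL loads.

Added illustration, not code from the forum thread or any product. File
names, the hash whitelist and the 'dll_rules' switch are assumptions.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """SHA-256 of a file, read in chunks (the key most whitelists use)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_rundll32(cmdline):
    """Split 'rundll32.exe <dll>,<entry> [args]' into (dll, entry).

    The DLL token may be quoted (paths with spaces); an unquoted DLL name
    ends at the first comma or space, and the entry point is the token
    after the comma.
    """
    s = cmdline.strip()
    # drop the rundll32 image token itself, quoted or not
    if s.startswith('"'):
        s = s[s.index('"', 1) + 1:]
    else:
        parts = s.split(None, 1)
        s = parts[1] if len(parts) > 1 else ""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.index('"', 1)
        dll, rest = s[1:end], s[end + 1:]
    else:
        i = 0
        while i < len(s) and s[i] not in ", \t":
            i += 1
        dll, rest = s[:i], s[i:]
    rest = rest.lstrip()
    entry = None
    if rest.startswith(","):
        after = rest[1:].strip()
        entry = after.split(None, 1)[0] if after else None
    return dll, entry


def resolve_dll(dll, cwd, search_dirs):
    """Unqualified names are looked up in cwd, then the assumed search
    dirs (a simplification of the real loader search order)."""
    if os.path.isabs(dll):
        return dll if os.path.isfile(dll) else None
    for d in [cwd, *search_dirs]:
        cand = os.path.join(d, dll)
        if os.path.isfile(cand):
            return cand
    return None


def decide(image, cmdline, cwd, allowed, dll_rules, search_dirs=()):
    """Return (verdict, reason). With dll_rules=False only the launched
    image is checked: the 'rundll32 allowed => any DLL allowed' case."""
    if sha256_file(image) not in allowed:
        return "block", "image not whitelisted: " + image
    if Path(image).name.lower() != "rundll32.exe" or not dll_rules:
        return "allow", "image whitelisted"
    dll, entry = parse_rundll32(cmdline)
    path = resolve_dll(dll, cwd, search_dirs)
    if path is None:
        return "block", "DLL not found: " + dll
    if sha256_file(path) not in allowed:
        return "block", f"DLL not whitelisted: {path} (entry {entry})"
    return "allow", "image and DLL whitelisted"


def demo():
    """Constructed stand-in files (not real PE images); evaluates the same
    rundll32 launch of a dropped DLL under both policies."""
    with tempfile.TemporaryDirectory() as tmp:
        rundll = os.path.join(tmp, "rundll32.exe")
        good = os.path.join(tmp, "good.dll")
        evil = os.path.join(tmp, "evil.dll")  # stands in for a dropped DLL
        for p, data in [(rundll, b"RUNDLL32"), (good, b"GOODDLL"), (evil, b"EVILDLL")]:
            with open(p, "wb") as f:
                f.write(data)
        allowed = {sha256_file(rundll), sha256_file(good)}
        cmd = f'"{rundll}" "{evil}",DllEntry'
        return {
            "good_dll": decide(rundll, f'"{rundll}" "{good}",Run', tmp, allowed, True)[0],
            "evil_image_only": decide(rundll, cmd, tmp, allowed, False)[0],
            "evil_dll_rules": decide(rundll, cmd, tmp, allowed, True)[0],
            "evil_unqualified": decide(rundll, f'"{rundll}" evil.dll,DllEntry', tmp, allowed, True)[0],
        }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The `evil_image_only` case is the silent bypass the question asks about: rundll32.exe is whitelisted, so the launch is allowed and the dropped DLL is never examined. The `evil_dll_rules` and `evil_unqualified` cases show what a whitelist that covers DLLs as a file type does instead, including the unqualified-name case where the DLL is resolved from the working directory before its hash is checked.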