Don't know whether somebody already posted it, but I guess it's an important one here:...
I think you're confusing direct I/O when overwriting specific sectors with file activities ;)
Using SCSI IOCTLs to encrypt files and thus working at file system level? Then I'd definitely clap my hands, the malware absolutely deserves to...
:thumb:
Hi trjam, yes, I'm director of a private start up company in Italy, though we are providers of technologies for Webroot still, so I'm here :) We...
It's not hard at all indeed ;)
If you go to maps.google.com and search for "Webroot, CO", you'll easily find it :)
That's it ;)
Nobody talked about AE vs AV. Again, what I'm saying here is why an anti-executable solution by itself can be a reliable solution only in very...
Or you can rely on some security solution that at least runs some kind of more advanced and deeper scan on the file content than just asking you if...
Yes, sometimes it is social engineering. Sometimes it's the source which was unknowingly infected, breaking the trustworthy chain at the early...
Everybody here is focusing more on the side of "how malware can execute itself if there's some anti-exec software installed onto the system"...
Hi all, first of all let me say thank you so much for your kind and warm words. They really fill up my heart and I'm so pleased :) No worries,...
1) Here I'm not speaking on behalf of Prevx, I'm expressing my personal opinion about this topic 2) I never complained about PatchGuard (or...
It demonstrates that most security vendors decided to use undocumented and not recommended ways to work in kernel mode. When Microsoft...
To be honest, more than PatchGuard, the real feature which allowed the OS to defend itself against kernel mode malware is the digital signature...
- Kernel notification routines
- FS filter drivers
- WSK drivers

These are just a few examples. Everything is well documented on MSDN.
False statement. It is actually possible to work at ring0 and you can even implement your own security solution which is PatchGuard-compliant
Why the hell do you need to hook SYSENTER to give protection to the customer? Windows x64 can be actually hardened and secured if you know how...
Not anymore ;)
You're welcome :) You'll find a lot of documentation about ZeroAccess rootkit in our blog:...
It's enough to run the tool and follow the instructions listed on the screen. Do you need any help with how to use it? :)
That's not the new product which has been tested actually ;)
It already does :) http://www.prevxresearch.com/zeroaccess_analysis.pdf