There was a banking trojan in the wild that used some sort of memory execution. And I thought it should be more common by now and I should have...
Yup, it is a Google thing. I got that when using a certain Proxy. A precaution from a spamming network, botnet or DDOS attacks...
Apologies to DHRF and his group regarding Paravirtualization. Paravirtualization was mentioned here......
I know that. What I meant was in particular how can an infected CD pass the malware to a clean machine where: a) the BIOS of the computer was...
:) Of course, it is plausible and feasible. I am not making all those up. Everything I say is in the Brossard's paper. See the link I have...
Yup. Fortunately, there are only a few vulnerabilities on that kernel driver. The most recent ones affect only newer Windows versions (now patched)...
Actually, tcp/ip stack is managed by the tcp/ip driver in the kernel. So any exploit to that tcp/ip kernel driver vulnerability will get to kernel...
Ok, so the particular GPU hypervisor malware you got is quite different to Brossard's Rakshasa in terms of how they were installed. I never quite...
Though not detailed until we wait for DHRF's, this I can offer. Since malware has gotten through the "rooted" system either from; a) exploit/s for...
As Brossard says, decision makers should be more aware about this possibility. Supply chain should be thoroughly checked. How about this...
There's one in the wild though not on VC but on another firmware. http://www.theregister.co.uk/2011/09/14/bios_rootkit_discovered/ Greed and...
It mentioned UEFI but not Secureboot or Windows 8.
Actually, the Brossard paper is from 2012. UEFI, TPM, Full Disk encryption, etc are all discussed there. See my sig. He he Mammon works in...
I think this is still possible because of coreboot. Hence, cross-platform or architecture. If the GPU or any firmware is infected, then various...
I doubt Gmer or any scanner will find anything if this be a bonafide GPU rootkit. Those tests I think will just bring a lot of false positives....
Chips becoming or thinking like humans while humans being chipped and humans animating cybernetics or any host like in the movie avatar, these are...
I don't know anything about seccomp, but HIPS do filter system calls. Though it's a PITA to configure interprocess communications (preventing virtual...
Just combine VR/sandboxing with kernel hooking HIPS to guard low-level disk writes to MBR from MBR malwares, bootkits and any driver loading...
"The finest blend of the latest IT security news headlines, updated every 4 hours." http://www.morningstarsecurity.com/news
How about alerting PG for wscript.exe and cscript.exe aside from cmd.exe for that .bat & .vbs? Aside from ntvdm.exe, include debug.exe as well....
Thanks. No need to bother. AlexC said he didn't find anything in his logs(though he rarely connects to the internet)....
Leo with Steve on "Security Now" podcast said that somebody could just put a thumbdrive on any public computers or to a library (those still...
For Windows, a permanent solution could have been a complete revamp on their model of putting graphics or font rendering in the kernel for...
Ha ha! Not from a privacy perspective. I have nothing to hide. But from a security standpoint, I mean why linux kernel opens a port and...
Unfortunately, they can use these easy targets first (Java, Adobe) to gain local access, then do privilege escalation using kernel exploits. No...