Are Viruses Making a Comeback?

Discussion in 'malware problems & news' started by ronjor, May 16, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    https://blogs.technet.com/b/securit...iruses-making-a-comeback.aspx?Redirected=true
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Note that while Viruses and Trojans do different things once installed, prevention of infection by remote code execution (aka Drive-by Download) is the same, since both tend to drop binary executable files to disk:

    Virus, from Microsoft MPC:

    Trojan, from f-secure:

    A system with protection against the downloading/installing of unauthorized executables will intervene to block these exploits.


    ----
    rich
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Hmm. Since the Sality one uses a DLL, wouldn't it bypass a HIPS silently if rundll32 were allowed?
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    If the security program whitelists all executable file types on the system, then others can not run or load.

    In the case of rundll32.exe, it can do whatever it wants, as long as the DLL is whitelisted. If not:

    [​IMG]


    ----
    rich
     
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    I see, thanks. I'd read that some HIPS will allow any DLL to be executed through rundll32 if the latter is allowed, but I guess that's not the case for all of them.
     
Loading...
Thread Status:
Not open for further replies.