Comodo Defence Plus Bypassed by Zeroaccess rootkit

Discussion in 'other anti-malware software' started by aigle, Dec 4, 2011.

Thread Status:
Not open for further replies.
  1. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Re: Comodo Defence Plus Byapssed by Zeroaccess rootkit

    Sorry, but I didn't notice there was an actual question in your last post directed towards me. Would you mind repeating it?
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Hope it,s clear.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    The weakness of huge whitelists...
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    I think it,s due to digital signatures.
     
    Last edited: Dec 11, 2011
  5. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Yeah... Digital signatures trust technology...
     
  6. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Your observations are partially correct. We don't blindly trust every digital signature though. There are certain conditions under which a digital certificate is ignored. Those additional checks worked on most but not all systems which is why in my tests the sample wasn't able to bypass OA while in your test it was. As I mentioned before though the problem has been corrected with an online update shortly after we found the underlying issue.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.