Proof of concept virus might take over hardware

Discussion in 'Ghost Security Suite (GSS)' started by turion, Aug 28, 2006.

Thread Status:
Not open for further replies.
  1. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Probably... because they have to execute in the first place.
     
  3. Jito463

    Jito463 Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    16
    It's already been proven that it's impossible to do without you knowing about it. Though if you allow it to happen, you're pretty much hosed. Of course, that's pretty much the case with any virus if you let it run on your computer.
     
  4. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    One thing to remember with any program (not just AppDefend) that provides execution protection is that there are ways to obfuscate what is being executed.

    One method that comes to mind is the use of rundll32.exe; at least some programs tend to end up in a configuration where they allow any invocation of rundll32 to launch silently in order to avoid the annoying false positives that happen from normal use.
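
Added example, not part of the thread and not AppDefend's code or rule format: the Python sketch below contrasts a rule that allows any rundll32 launch with one that also checks which DLL is named on the command line. The rule sets, the sample events, and the treatment of bare DLL names as System32 files are assumptions made for illustration.

```python
import ntpath

SYSTEM32 = r"c:\windows\system32"
# Hypothetical rule data for a generic execution-control tool.
ALLOWED_IMAGES = {SYSTEM32 + r"\rundll32.exe", SYSTEM32 + r"\notepad.exe"}
ALLOWED_DLLS = {SYSTEM32 + r"\shell32.dll"}

# Constructed launch events: (image path, command line).
EVENTS = [
    (r"C:\Windows\System32\rundll32.exe",
     r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
    (r"C:\Windows\System32\rundll32.exe",
     r'rundll32.exe "C:\Users\bob\AppData\Local\Temp\upd.dll",Start'),
    (r"C:\Windows\System32\notepad.exe", r"notepad.exe readme.txt"),
    (r"C:\Users\bob\Downloads\setup.exe", r"setup.exe"),
]

def dll_argument(cmdline):
    """Return the DLL named on a rundll32 command line, or None."""
    rest = cmdline.strip()
    # Skip the program token, quoted or bare.
    rest = rest[1:].partition('"')[2] if rest.startswith('"') else rest.partition(" ")[2]
    rest = rest.lstrip()
    if rest.startswith('"'):
        return rest[1:].partition('"')[0] or None
    head = rest.split(",")[0].split()
    return head[0] if head else None

def host_only_rule(image, cmdline):
    """Weak rule: the decision depends on the launched image alone."""
    return "allow" if image.lower() in ALLOWED_IMAGES else "prompt"

def argument_aware_rule(image, cmdline):
    """For rundll32, the decision also depends on the DLL it is asked to load."""
    if image.lower() not in ALLOWED_IMAGES:
        return "prompt"
    if ntpath.basename(image).lower() != "rundll32.exe":
        return "allow"
    dll = (dll_argument(cmdline) or "").lower()
    if dll and not ntpath.dirname(dll):
        dll = ntpath.join(SYSTEM32, dll)  # assumption: bare names mean System32
    return "allow" if dll in ALLOWED_DLLS else "prompt"

def compare(events):
    """Return (host-only verdict, argument-aware verdict) for each event."""
    return [(host_only_rule(i, c), argument_aware_rule(i, c)) for i, c in events]

if __name__ == "__main__":
    for (image, cmdline), verdicts in zip(EVENTS, compare(EVENTS)):
        print(verdicts, cmdline)
```

Only the second event differs between the two rules: the host-only rule passes it silently, while the argument-aware rule prompts because the DLL is not on the allowlist.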
     
  5. Jito463

    Jito463 Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    16
    Something else would still have to run to call rundll32, and this could easily be caught. Now, if the user allows it to run, they're hosed. But this goes back to what I said originally.
     