Stuxnet (.lnk exploit malware) versus HIPS

Discussion in 'other anti-malware software' started by aigle, Apr 20, 2011.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Remember that a DLL is not meant to be clicked, but rather executed in some command line using rundll32.exe.

    regards,

    -rich
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Thought I'd try it and see ;)

    Without unticking that option in PG all new/changed files get blocked :thumb:

    hand.gif

    Unticking in PG.

    unt.gif

    To then allow this

    run.gif

    As I don't allow rundll32.exe free rein on my comp :thumb: Only then did the jwgkvsq.vmx experiment go ahead.
     
    Last edited: Apr 26, 2011
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    With that restriction, it seems you've got DLL exploits covered!

    regards,

    -rich
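
As an added example (not part of the thread and not any poster's code): a small Python check over constructed process-creation command lines that flags rundll32.exe loading a module with an unexpected extension, such as the jwgkvsq.vmx file mentioned above, or from outside the Windows directory. The allowed extensions, the trusted directory, the sample paths and the entry-point names are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Extensions a module handed to rundll32.exe normally carries (assumed policy).
EXPECTED_EXT = {".dll", ".cpl"}
# Directory prefix treated as trusted for full paths (assumed policy).
TRUSTED_DIR = "c:\\windows\\"

# rundll32 syntax is: rundll32.exe <module>,<entrypoint> [args]; module may be quoted.
_RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^,\s]+))', re.IGNORECASE)

# Constructed sample command lines, as a process-creation log would record them.
SAMPLES = [
    r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
    r'rundll32.exe E:\sample\jwgkvsq.vmx,ExampleEntry',
    r'"C:\Windows\System32\rundll32.exe" "C:\Users\test\My Files\helper.dll",Start',
    r'notepad.exe C:\notes.txt',
]


def rundll32_module(cmdline):
    """Return the module path passed to rundll32, or None if not a rundll32 call."""
    m = _RUNDLL.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def review(cmdline):
    """Return the reasons this command line deserves a block or an alert."""
    module = rundll32_module(cmdline)
    if module is None:
        return []
    reasons = []
    path = PureWindowsPath(module)
    if path.suffix.lower() not in EXPECTED_EXT:
        reasons.append("unexpected extension " + (path.suffix or "(none)"))
    # A bare name such as shell32.dll is resolved by the loader; only judge full paths.
    if path.is_absolute() and not module.lower().startswith(TRUSTED_DIR):
        reasons.append("module outside " + TRUSTED_DIR)
    return reasons


if __name__ == "__main__":
    for line in SAMPLES:
        print(review(line) or "ok", "<-", line)
```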
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Thanks :thumb: Yes, I believe so :)

    It's not an inconvenience to me, as I don't often require it. No big deal to untick if required, for the duration only.
     
  6. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    No problem, I understand you can't be everywhere :)
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    OK, I'm getting confused with this thread. Do OA, Comodo, DefenseWall HIPS, etc. block Stuxnet or not?
    And do they block the clicker worm?
    Do they block any real-world malware at all?
     